Malware Analysis Report

2025-01-18 01:06

Sample ID 240613-g7n82a1fpn
Target a4321443bb970d6a92e5dd7887d2a1d9_JaffaCakes118
SHA256 a34b547458b2f448b7f9c50bb49d3b3279599ca03e6715e2a6e73459d59489ee
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

a34b547458b2f448b7f9c50bb49d3b3279599ca03e6715e2a6e73459d59489ee

Threat Level: No (potentially) malicious behavior was detected

The file a4321443bb970d6a92e5dd7887d2a1d9_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:26

Reported

2024-06-13 06:29

Platform

win7-20240221-en

Max time kernel

134s

Max time network

135s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4321443bb970d6a92e5dd7887d2a1d9_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EFC18341-294D-11EF-9267-5267BFD3BAD1} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421886" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4321443bb970d6a92e5dd7887d2a1d9_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ui.hub.toocle.com udp
US 8.8.8.8:53 www.cf0.60fn.loan udp
US 8.8.8.8:53 china.toocle.com udp
US 8.8.8.8:53 img.album.toocle.com udp
US 8.8.8.8:53 ui.b.toocle.com udp
US 8.8.8.8:53 31.toocle.com udp
US 8.8.8.8:53 china.chemnet.com udp
CN 222.73.8.48:80 china.chemnet.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.88:80 ui.b.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 180.235.65.12:80 31.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.82:80 img.album.toocle.com tcp
CN 222.73.8.82:80 img.album.toocle.com tcp
CN 222.73.8.88:80 ui.b.toocle.com tcp
CN 180.235.65.12:80 31.toocle.com tcp
CN 222.73.8.48:80 china.chemnet.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.88:80 ui.b.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.88:80 ui.b.toocle.com tcp
CN 222.73.8.88:80 ui.b.toocle.com tcp
US 8.8.8.8:53 push.zhanzhang.baidu.com udp
CN 112.34.113.148:80 push.zhanzhang.baidu.com tcp
CN 112.34.113.148:80 push.zhanzhang.baidu.com tcp
US 8.8.8.8:53 ui.s.toocle.com udp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.48:80 china.chemnet.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.48:80 china.chemnet.com tcp
CN 222.73.8.82:80 img.album.toocle.com tcp
CN 163.177.17.97:80 push.zhanzhang.baidu.com tcp
CN 163.177.17.97:80 push.zhanzhang.baidu.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.82:80 img.album.toocle.com tcp
CN 180.235.65.12:80 31.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 180.101.212.103:80 push.zhanzhang.baidu.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 180.101.212.103:80 push.zhanzhang.baidu.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 182.61.201.93:80 push.zhanzhang.baidu.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 182.61.201.93:80 push.zhanzhang.baidu.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 182.61.201.94:80 push.zhanzhang.baidu.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 182.61.201.94:80 push.zhanzhang.baidu.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabC12.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarD05.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00a28db35d12d33d6feddc4991bf025f
SHA1 9ab5a75bb78ccdf86c891bdbfb8b961857772690
SHA256 fe5ac973993f3ed729f7eede4d6e9684a0ae7a78adf7cfeda0118ae669ad4ae8
SHA512 725af0e28918fe8c1c6613d8b55d2af86992d107a1589ca6ab11c37a390742986e89ab63496323536f225b6381e3eb88c9078ad88c96fad5c089406fad5a6832

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63b895cbe17bd948418295c1f76abe86
SHA1 a1662bdabe09e17d79f65c3b5510e6c458f204f8
SHA256 356aeb60a5cd71027420d900c6dc871d31b359f912e824642bd2a8ea84902a1a
SHA512 a3cac602dcfec74524c4fb37d88582e0148864c5d5eb61a0cdb7a9463f59d08c97ce1cca8965805c9949ed7ff17c0a262d7fe99f2a949ec8512ae85c60586584

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 37007c99124a5b40ceabffdb0c648a99
SHA1 a296a502b9573bf6a7b47b2fda57559b228ae79f
SHA256 738ecf84c6fbe47c20841e712257575a20190a1b79a27effcdf4bd4abf0d2d0e
SHA512 1f17b2fd958a2a917205b164201fe39feed9b01c22cdf23e5874b749e3baf0aaac2fc04a94d9ed4c7cb930f2f612067d690d682a93db032876c5587e80d0bb2e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7b5d1638dd9b886981e3ac15bfb48db
SHA1 df4cfc2d3a5729781216b49e24cfe093076ce006
SHA256 0ed1e7875952b6911b31d3e187a3365960dc0044da7bf8526cbb62026ec1d201
SHA512 1ce8043734b777edbb634737740a30170bc7c02b0becc2718e209a60e04d19e6d67b3674abe7218f224ba1d231287210398daef3e556ec1412469a78b863b210

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2dda733fb96560c0eff3a2baadb3133b
SHA1 0b4aeecf369a8bfe0f6d7d636fe800895229f0ee
SHA256 43dcbd3386ee56b3430e5f62dcfb875d16f66523a5870f0dc82e6823eded80cf
SHA512 a6246e1c8d358528aba9320827fffa3df60b445851f54d236a1a59f3464e96654a4b285a90c09ef27ff290bb778c5155bc2dc03c6f637368244c66c62dfe0ca6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 983f7de5fab1bef0659c473a586996a0
SHA1 4552fac8f344e0512ffe8ca0a3b8954e13939b5c
SHA256 885faad7feef76f768617033a9650c21bfa9330ff141008fbc4b9075ea0307ce
SHA512 fa1a1e9b5c400d1bbac5a200e970c2fd3b2f71011db6c61a285abfe512a35edf149238eeba61709d0dd3e6c1df57bae9c29b21af85798fec162c948a77e38a94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06935ee61faab436f11a800d1fafcb89
SHA1 4eb0e2630a9cd06fd079ebdc845d1ed7c696fc74
SHA256 ad15bcbb40fc0aaaa4670e41e37696a2f7cb7cdf8fc1dec64a289ef2cc7e5347
SHA512 2c8c9e2535a0548fd70b15817ba431bcb9e69fa313a4e3c8daf0a11df09ada93a1fec9c8db92f7c091e5cb9c2bba3592129c1eaa268ef483dc4438a0c9736e34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9acb2d59c0d665f80825e7674b1d2e8e
SHA1 47358272813c37ae57690e56800bf0842291b7ae
SHA256 f31ab3ae70dab489a7d5be5e690ea9094c942fba18c955fca5a802221680f762
SHA512 90d7264c6417db0b308a0e7c383b603c5c3b4bfed0587cc4794340fd396853c7e32d0b7e73de714e5692a6f5c36b55538834376f7e60d922994ca4304801aa98

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5de8fed60a8516c7331a33bcfd34aebc
SHA1 021727e3a8d1e390d71c68aeb7a85be910cc69e8
SHA256 ca7f1fbc4db7e94e9d8f0918d67020b372ca4ce7973a8a421edb28a23a67f8b0
SHA512 73055b463aa0defa4d05fb41011b021cefecb6a0527264e582a8775e906abf4dd161f94c66b975c87b3824695abcc4b7d896575c9de4e6a00f4b15e35206e01d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40d1a6591b0163d9942f03f959e0ad80
SHA1 15a82206305b10000469e036063839c700a16914
SHA256 5d6e861d8b64a5bbe33953b3ea3554c82bf6658064875a942f2dcbbcda1e5d97
SHA512 69e61f06c5e57879b9e5ca48ac7712ae3bd3f9b4052025d97fac86e573e76b4d08cfd6efc60f29eae9c9ed9e97fe3958598853d6f78e227593794faee0543dfc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2daf493bc0f31be1bf06585db665d22d
SHA1 2036b027ac51f5956af405c8579c598867c3e4f3
SHA256 7e05b82a4685c586e062abfc74bd2f726818a292dba714393f43bf84c44b6de9
SHA512 e8ede0143625fd254508f3c3829414fc3c0dceaace994cc4943228ce0a600d6d87762a848c49132b64ca46f6fb0ab7d145d6890566463adf5407e7216f1918bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f69015f630ca525f4b3c0646abdf8c8
SHA1 3460dbb672f0037f66007ac2bc77c32c1e08350c
SHA256 77d16957bfd32357418103b784b8e7423b9c76ffe0e0afa458886d89c9e1e76b
SHA512 7ca76d0d4e90e10f203ebf8b0a21c95b54b3cc1be308d5e2f5b3aec809b8420287c47ab4eb3a87a91e79b56682a6bd82a72eb25d5a21b637bd103b6be0fcdc5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b895546e62a0bfb159daa93178b1421
SHA1 7e88a593fbf6d2fbe51216b923957930f6450e43
SHA256 6140cfc85671be853ab7d0605795ab03abdb3ea2aa9e69049c8873519492fbb3
SHA512 b84b03a380b4ab7377a0fe99e9395361a0115a68299f17332ca00c8900eceff757e107f5dd135f664ac115d9cdb1ada1a60c52f5afc6c75fbffba6022aec6055

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d56d876162d8bf4bf9f3f38043993e43
SHA1 618d79fe746902f127a9d21aa9874082751808a2
SHA256 007063e6ba4ebe3c0540231cc7bd170b7ba21276de7d2db6e088f75ec6bde5a4
SHA512 6552e5ef3b5aa5085faa298158b4ebb4e1e88a0713df749651613004be1d78add3a94336278c42aa8a993280c17fef339a1c4736a09db63bd8654d3bc7e96cfd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d6a26ff42c970fd0b4f2c657e5f2ede
SHA1 38d733eb121c67cee13b005139ad44ab7964a3b9
SHA256 1d17d1f2017715a3154c71edadea77594eb9c2417f263fb018f481d99983385d
SHA512 cfe77e2047df16753544588266db319c650396d515b9b83d1ad169d1b1a2614a4be066e34ee65f9e83c28cacbaf4f7217f032654fd7294038a81af4df70bdbac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a517a2ade744723251a99919ce3be77d
SHA1 9f8ed529f4047f3bf1e0937ae39b20ccc96e746e
SHA256 723849fc612f3953617a61d5eee0f3d554c1fb7f333e471f29337d15eed926cd
SHA512 5e601a343ab03b33ef66d4cbfc8d9363b8eb333b1771849fe5391acd2a67ba4eebd687a13bde988f6140c62ea52a3484b4178422d796bef777955d2a6ee00551

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9fea8edee41ff751270281ca5977168
SHA1 612fd31761fc0a2d181af654c6af581733e91a22
SHA256 1e35f72599953500ff12328a7fc0e4e744ec65a4e96923493b25403ddd9f06d3
SHA512 66d33c56469059ac46ee0d99f43a87f2ffd68831cc3b0aa2928000e00afd9736f51a49793b17b16d4f4a2564e8cf6ef1df4184b4759badf97983655977b73990

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e4c087c167ce0b3d923a73389452093
SHA1 26f72efc08b28babe6dbc983737077e21dcf8d07
SHA256 2197821cc30488d21d44c332700791688a24f22d305e423a8dcf1dc8a179c39d
SHA512 884ba7519555c092b56d00643852ac31c91a0c6d9d5e2b0c390d6ae553dd3cca1a690323877fd233cceb40a5b9a2b962da8921c48a6a7292ff5414a70ada0212

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe444b2ec7608754630a7238f172e832
SHA1 d5e087d3f68923ab16333e89f7628e03e1350cbe
SHA256 d0d234211534cf0e680218b7054c75ae91e7b1e717f3b63f18b79aaf27c8319f
SHA512 0955f9c37be3de2c212def2a30e78f125f85cdffecfee9e9fa1733b7b86e163bbd964ae6ea964c303c388768688fbefafcadff716b7ee01d21eafd1b01b7c5b9

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:26

Reported

2024-06-13 06:29

Platform

win10v2004-20240611-en

Max time kernel

148s

Max time network

153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4321443bb970d6a92e5dd7887d2a1d9_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1720 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 2880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 1588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1720 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4321443bb970d6a92e5dd7887d2a1d9_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffee9746f8,0x7fffee974708,0x7fffee974718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,15673677488889874205,1127293282931408675,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,15673677488889874205,1127293282931408675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,15673677488889874205,1127293282931408675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15673677488889874205,1127293282931408675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15673677488889874205,1127293282931408675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,15673677488889874205,1127293282931408675,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ui.hub.toocle.com udp
US 8.8.8.8:53 china.toocle.com udp
US 8.8.8.8:53 www.cf0.60fn.loan udp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.88:80 china.toocle.com tcp
CN 222.73.8.88:80 china.toocle.com tcp
CN 222.73.8.88:80 china.toocle.com tcp
CN 222.73.8.88:80 china.toocle.com tcp
CN 222.73.8.88:80 china.toocle.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.88:80 china.toocle.com tcp
US 8.8.8.8:53 ui.s.toocle.com udp
US 8.8.8.8:53 push.zhanzhang.baidu.com udp
CN 163.177.17.97:80 push.zhanzhang.baidu.com tcp
CN 163.177.17.97:80 push.zhanzhang.baidu.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
CN 222.73.8.88:80 ui.s.toocle.com tcp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
NL 23.62.61.162:443 www.bing.com tcp
US 8.8.8.8:53 162.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 ui.b.toocle.com udp
US 8.8.8.8:53 img.album.toocle.com udp
US 8.8.8.8:53 31.toocle.com udp
US 8.8.8.8:53 china.chemnet.com udp
CN 222.73.8.82:80 img.album.toocle.com tcp
CN 222.73.8.82:80 img.album.toocle.com tcp
CN 222.73.8.88:80 ui.b.toocle.com tcp
CN 180.235.65.12:80 31.toocle.com tcp
CN 222.73.8.88:80 ui.b.toocle.com tcp
CN 222.73.8.82:80 img.album.toocle.com tcp
CN 180.235.65.12:80 31.toocle.com tcp
CN 222.73.8.48:80 china.chemnet.com tcp
CN 222.73.8.48:80 china.chemnet.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 180.101.212.103:80 push.zhanzhang.baidu.com tcp
CN 180.101.212.103:80 push.zhanzhang.baidu.com tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
CN 222.73.8.91:80 ui.hub.toocle.com tcp
CN 182.61.201.93:80 push.zhanzhang.baidu.com tcp
CN 182.61.201.93:80 push.zhanzhang.baidu.com tcp
CN 182.61.201.94:80 push.zhanzhang.baidu.com tcp
CN 182.61.201.94:80 push.zhanzhang.baidu.com tcp
CN 182.61.244.229:80 push.zhanzhang.baidu.com tcp
CN 182.61.244.229:80 push.zhanzhang.baidu.com tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
CN 14.215.182.161:80 push.zhanzhang.baidu.com tcp
CN 14.215.182.161:80 push.zhanzhang.baidu.com tcp
CN 39.156.68.163:80 push.zhanzhang.baidu.com tcp
CN 39.156.68.163:80 push.zhanzhang.baidu.com tcp
CN 112.34.113.148:80 push.zhanzhang.baidu.com tcp
CN 112.34.113.148:80 push.zhanzhang.baidu.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b704c9ca0493bd4548ac9c69dc4a4f27
SHA1 a3e5e54e630dabe55ca18a798d9f5681e0620ba7
SHA256 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411
SHA512 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

\??\pipe\LOCAL\crashpad_1720_ICRILPBNGBPOWFPC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 477462b6ad8eaaf8d38f5e3a4daf17b0
SHA1 86174e670c44767c08a39cc2a53c09c318326201
SHA256 e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d
SHA512 a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5560b207ec0a37c65a48a6ba29ef8d7d
SHA1 419ef40ff7730fd23b1816563a20d4d55c1a3743
SHA256 a7b65aeb321ef9daefd77da69d33177decbe34a0e001b3b58556f619efff0771
SHA512 a06dd7594e8a08c33acf8f7a5bf1360a8ef014161c5a47b335e0a9e8de6d62cc607604cfc9a226fe74d90d43d62274c50bb4e7a82c54e26e5d480748e587d54e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f47cbb05f424064e9fc7ef93fe9f409f
SHA1 06e57933f3aae04a7550632762bed2e5ae940399
SHA256 a629413f8b283424827c653ed0057141d4804be620996666c1a92c0abb833b07
SHA512 cdb25b1ba18e7bfe64dc114efb8ae1a7bdcbad4987d88c6bb3cd57734845fa2705d23ed50c378d3cfeca90148888405d5c2b67fa99d720ec9fd98b819dde013e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8cf4b16a674c80944bb7fe1a336f15d5
SHA1 2dc7fa16fabb97b6b2276b9c92763cdf4319efc5
SHA256 8488df1e0cb6f11fdb37b3f8022dbec267707b4ca0e0ab22508be80e25590e3c
SHA512 7d1f8b3fe2228309d8614de57dd92d052762647603091e5fe9aa52d1f0c81ad29af3c4c7c091f2fd6803f6ddfea6d61882ae8afb328f751f2d6a3c0f2eeb57a3