Malware Analysis Report

2025-01-18 02:01

Sample ID: 240613-jf8vgatdkr
Target: a475c5a34a2dbc03798609ce58087e8d_JaffaCakes118
SHA256: a0d8e3f32e466678e72f75dd71a89cd494379bd3946f388b3ed134b96158dca1
Tags: (none)
Score: 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 1/10
SHA256: a0d8e3f32e466678e72f75dd71a89cd494379bd3946f388b3ed134b96158dca1
Threat Level: No (potentially) malicious behavior was detected

Verdict for a475c5a34a2dbc03798609ce58087e8d_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-13 07:37

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 07:37
Reported: 2024-06-13 07:40
Platform: win7-20240221-en
Max time kernel: 132s
Max time network: 147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a475c5a34a2dbc03798609ce58087e8d_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbdfd0cc813b4649a9e9875db680c04500000000020000000000106600000001000020000000f58be668db0eeb7fe09dcc4dc4f0ab3f76cb927c31ec6873cf50788cf35fe8df000000000e8000000002000020000000e0ffa452aba4f962f10ccdf0fe15b2d5d24b43dc1b70330591f3d09125e2990420000000ee9ac9f48a48376eee08048c89c300f72370f8abbfb079d52bbc9b38444229f440000000bab239c15ef68de3f98069af9bc29c4d7e3ac1cedea28d17eda46d3bae7d0322ea630f14b76655c367d2ded1d8dbf270209759d90e3efb37a21d9bd0961ff491 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90bf4cb064bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426141" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D7F71AE1-2957-11EF-87AA-FA8378BF1C4A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbdfd0cc813b4649a9e9875db680c04500000000020000000000106600000001000020000000e5201790f01d67d45a34a9181feee0f07f74acbab2baea30a6812256c2303568000000000e8000000002000020000000f4f8d137fceb330a11c4ee33650d9e02a677261aca4de1e2c4a3de36a347f42e900000006e1d9184081426eac23dd0ff1ea7edf04f63d20dc28ae11aa5118adfdd835060a3df8c3a4dc2eebbaf5c237234e2dab1cdbd75544eedbda2f6600d53d869984cc2ff509f9f44627dfa19c843ec5453344b9d348a4c391cad28e73c787c5f6f389e6ac015248ccfae71b7f8bf6e89f2681a9cf1800e44fabed1445fb19ab62cf6d4d924365521f7c0f42e673893af184e40000000c4853c620d8683d12a31b17d42a10f837010f6ecf3c3bfc3db5dd727e85e6b391166d54cbe5ecc6764df4ba4fbf54d446dd470f25cd0b4b3e30b235187b508ee C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a475c5a34a2dbc03798609ce58087e8d_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-13 07:37
Reported: 2024-06-13 07:40
Platform: win10v2004-20240508-en
Max time kernel: 147s
Max time network: 156s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a475c5a34a2dbc03798609ce58087e8d_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 identical entries)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical entries)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 392 wrote to memory of 624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical rows)
PID 392 wrote to memory of 4252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 identical rows)
PID 392 wrote to memory of 804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical rows)
PID 392 wrote to memory of 1916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 identical rows)

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a475c5a34a2dbc03798609ce58087e8d_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcce9946f8,0x7ffcce994708,0x7ffcce994718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3516972733837059023,14050454570751891673,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 s.w.org udp
US 8.8.8.8:53 paypercall.org udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 paypercall.org udp
US 8.8.8.8:53 apis.google.com udp
US 52.111.229.43:443 N/A tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_392_KOIMVSMHAVZXOBCR

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
