Malware Analysis Report

2025-01-18 02:14

Sample ID 240613-jl4gyazcrd
Target a47d1f1dab69ef36f3ea1b3e23ab471a_JaffaCakes118
SHA256 cda7e58434fc75b53456267e2ae1012abceafea868678077c7504bdd6ce65eaf
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

cda7e58434fc75b53456267e2ae1012abceafea868678077c7504bdd6ce65eaf

Threat Level: No (potentially) malicious behavior was detected

The file a47d1f1dab69ef36f3ea1b3e23ab471a_JaffaCakes118 is an HTML document (see the command lines under behavioral1 and behavioral2). Every process, registry and network event recorded below was produced by the browser that rendered it, Internet Explorer on Windows 7 and Microsoft Edge on Windows 10, and the sandbox scored the sample 1/10 with no malicious behavior detected.

Malicious Activity Summary


Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:46

Reported

2024-06-13 07:48

Platform

win7-20240221-en

Max time kernel

140s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47d1f1dab69ef36f3ea1b3e23ab471a_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426647" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{05867221-2959-11EF-9CEF-E299A69EE862} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00fa1cf365bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000691824cec715354d90323e08428d7a9000000000020000000000106600000001000020000000526b353bebb9879b2948a53dfe5615d2a343b24ca0c53e80d886100b74828bbd000000000e8000000002000020000000f0d34f72d163d61931f2a56e776755ceabbea38e9aaf5064e99fc4f2968339ce90000000d8cd06bf2ce30e92ecb838c99ba831ce545591a17ea5d169f9197c2b0d0f480d0f8eee7ee3d1c2f3fc7768f874de9eb2ba330669dc41424dd25d65f5ad600a17f826214180750e53ec8ff750e8e1fbf3d6902dba4390452dfaf5e05bbf57cec35fc35bc711da07f7a442e7d972795ce701264e383eaa1d2832d68280de6df1533d74406c38bd59a9cfb914e190c60c7a400000007df27f01eee2c18a2d721fed9faaf793410b27a761045d19f9b2bae68f839dac363d8d62ddc022765bc831b3777497807f86b9367315bca0ca3ec7ec7d3793d7 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000691824cec715354d90323e08428d7a9000000000020000000000106600000001000020000000d2593a7471f2418b422926d32f11fb62c93c1e116a2c63a53d666e45245a7b97000000000e8000000002000020000000fa2e7a6e563f4bf3b1a396f62ddafaa8dc8d542cacd5d85bf2b8598c0348e4ee20000000076a602ecf767292661fc1a634ab7bcefdb38ea23a81071bf74c50abe2de065240000000d9b954ff689eacbcdad1ebdd80e5775cee066f83c0a7da69a39ce6cb4002d3e257f270c6bfe163d6037c07dc1e6a43344015f306c16e2e57fd14368eaa1dd4bb C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47d1f1dab69ef36f3ea1b3e23ab471a_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.homedesigninstyle.com udp
US 8.8.8.8:53 st.hzcdn.com udp
US 8.8.8.8:53 www.ikeahackers.net udp
US 8.8.8.8:53 www.assoc-amazon.com udp
US 8.8.8.8:53 pixel.quantserve.com udp
US 8.8.8.8:53 st.houzz.com udp
US 104.16.151.108:80 www.ikeahackers.net tcp
GB 216.58.204.66:80 pagead2.googlesyndication.com tcp
US 151.101.0.93:80 st.houzz.com tcp
US 151.101.0.93:80 st.houzz.com tcp
US 104.16.151.108:80 www.ikeahackers.net tcp
GB 216.58.204.66:80 pagead2.googlesyndication.com tcp
US 151.101.0.93:80 st.houzz.com tcp
US 104.16.151.108:80 www.ikeahackers.net tcp
US 151.101.0.93:80 st.houzz.com tcp
US 151.101.0.93:80 st.houzz.com tcp
US 104.16.151.108:80 www.ikeahackers.net tcp
US 151.101.0.93:80 st.houzz.com tcp
US 104.16.151.108:80 www.ikeahackers.net tcp
US 104.16.151.108:80 www.ikeahackers.net tcp
US 52.94.229.212:80 www.assoc-amazon.com tcp
US 52.94.229.212:80 www.assoc-amazon.com tcp
DE 91.228.74.244:80 pixel.quantserve.com tcp
DE 91.228.74.244:80 pixel.quantserve.com tcp
US 151.101.0.93:80 st.houzz.com tcp
US 151.101.0.93:80 st.houzz.com tcp
US 151.101.0.93:80 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 104.16.151.108:443 www.ikeahackers.net tcp
US 104.16.151.108:443 www.ikeahackers.net tcp
US 104.16.151.108:443 www.ikeahackers.net tcp
US 151.101.0.93:443 st.houzz.com tcp
US 104.16.151.108:443 www.ikeahackers.net tcp
US 104.16.151.108:443 www.ikeahackers.net tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 104.16.151.108:443 www.ikeahackers.net tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 8.8.8.8:53 muraker.com udp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 199.59.243.226:80 muraker.com tcp
US 199.59.243.226:80 muraker.com tcp
US 8.8.8.8:53 markmciver.com udp
HK 154.39.118.211:80 markmciver.com tcp
US 104.16.151.108:443 www.ikeahackers.net tcp
US 104.16.151.108:443 www.ikeahackers.net tcp
HK 154.39.118.211:80 markmciver.com tcp
US 8.8.8.8:53 ikeahackers.net udp
US 104.16.151.108:443 ikeahackers.net tcp
US 104.16.151.108:443 ikeahackers.net tcp
US 104.16.151.108:443 ikeahackers.net tcp
US 104.16.151.108:443 ikeahackers.net tcp
US 104.16.151.108:443 ikeahackers.net tcp
US 104.16.151.108:443 ikeahackers.net tcp
US 52.94.229.212:80 www.assoc-amazon.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 fe0.google.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
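The Network table above repeats the same destination many times as the page loads its embedded resources. The following Python is an added example for this report page, not part of the sandbox's output: it parses rows in the format rendered above ("<country> <ip>:<port> <domain> <proto>"), reduces them to the unique names queried and the unique TCP endpoints contacted, and runs two triage checks a reviewer would want: hostnames connected to without a DNS query for that name anywhere in the capture, and TCP to ports other than 80/443. NETWORK_ROWS is an excerpt of the rows above with the repeats dropped; the function and field names are this example's own.

```python
"""Reduce the Network table of this report to de-duplicated indicators.

Added example for this report page; it is not part of the sandbox's output.
Row format assumed (as rendered above): "<country> <ip>:<port> <domain> <proto>".
NETWORK_ROWS is an excerpt of the rows above with the repeats dropped; the
function and field names are this example's own.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass

NETWORK_ROWS = """\
US 8.8.8.8:53 www.ikeahackers.net udp
US 8.8.8.8:53 st.houzz.com udp
US 104.16.151.108:80 www.ikeahackers.net tcp
GB 216.58.204.66:80 pagead2.googlesyndication.com tcp
US 151.101.0.93:80 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 151.101.0.93:443 st.houzz.com tcp
US 104.16.151.108:443 www.ikeahackers.net tcp
US 8.8.8.8:53 muraker.com udp
US 199.59.243.226:80 muraker.com tcp
US 8.8.8.8:53 markmciver.com udp
HK 154.39.118.211:80 markmciver.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: str
    proto: str


def parse_rows(text: str) -> list[Flow]:
    """Parse table rows; header lines and blanks (not 4 fields) are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        country, endpoint, domain, proto = parts
        ip, _, port = endpoint.rpartition(":")
        flows.append(Flow(country, ip, int(port), domain, proto.lower()))
    return flows


def summarize(flows: list[Flow]) -> dict:
    """Unique names queried, unique TCP endpoints, and two triage checks."""
    dns_names = {f.domain for f in flows if f.proto == "udp" and f.port == 53}
    tcp = [f for f in flows if f.proto == "tcp"]
    endpoints = Counter((f.ip, f.port) for f in tcp)
    contacted: dict[str, set[str]] = defaultdict(set)
    for f in tcp:
        contacted[f.domain].add(f.ip)
    # Check 1: TCP destinations whose hostname never appears in a captured DNS
    # query. The name came from a CNAME chain, a cached answer or a lookup
    # outside the capture window; worth a second look, not an indicator alone.
    no_dns_seen = sorted(d for d in contacted if d not in dns_names)
    # Check 2: TCP to anything other than plain web ports.
    odd_ports = sorted({(f.domain, f.port) for f in tcp if f.port not in (80, 443)})
    return {
        "dns_names": sorted(dns_names),
        "tcp_endpoints": dict(endpoints),
        "contacted": {d: sorted(ips) for d, ips in contacted.items()},
        "no_dns_seen": no_dns_seen,
        "odd_ports": odd_ports,
    }


if __name__ == "__main__":
    report = summarize(parse_rows(NETWORK_ROWS))
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the excerpt above the only hits for check 1 are pagead2.googlesyndication.com and ieonline.microsoft.com (no A-record query for either name appears in the table, only for www.microsoft.com), and check 2 returns nothing: all TCP traffic is to ports 80 and 443. The de-duplicated endpoint list is what to feed into a blocklist or passive-DNS lookup; the report itself makes no claim about the reputation of these hosts.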

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\CIMG2407-550x412[1].htm

MD5 0104c301c5e02bd6148b8703d19b3a73
SHA1 7436e0b4b1f8c222c38069890b75fa2baf9ca620
SHA256 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
SHA512 84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74da2299f7de1dd98cd7072ab70dd872
SHA1 82edc59df83a3f6d945525b99f2edfb3f0e64315
SHA256 11f4daf957f55ab5185a167846c99cdae3b63f228346a8ac73624d3ca69903c5
SHA512 0a6893273c1c0df0de5b6cc40c8d8cdd1299c6be355b0242561ec607bcd34b9bebaa2fbf638e6e6f32ec31f1fb6e898eb575b9910dcc0cd79cf6852802b3b162

C:\Users\Admin\AppData\Local\Temp\Cab2687.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar269C.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\Tar2791.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d9439b3a6793dd3f4f9a770cc36efca
SHA1 010f55fd87b6e7701e4cb99b7215e491710adae3
SHA256 84d9f00103a8fd22a8c18abfe4fac29a29c3fffdd91e7a09a60c1bc7cea8c288
SHA512 e034a4d7a7e95d9e8f4b857f3bae5c8170bc262b4861f450b80fb9b8397466abfcb9ea4ecdf60eaa1ec0cc37b1ae15925f2111c875fde49f0ad9134edc5a44fb

C:\Users\Admin\AppData\Local\Temp\Cab278C.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fece32f38abe7ffbb6434ddc26e78568
SHA1 a87a59a5e1e566749f374ad849ec34a74c0e8da5
SHA256 bb386377f66a9b42c4c51ffcc16683f8c2956b7eaf711262c7a32142feea5cd5
SHA512 d8f33b2cac802bb9333e28913bd935789e303038deb1c9a7e97113e9a3ffef31979edda40c61942a3fe4026bbf020ac015670da3a558ed6cef69d3fcedc29281

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 027be5dced9f6050b443d5f15d782479
SHA1 84119646d6759477f5e26ee8fb1470366fa5fd8d
SHA256 a12ae257b4cefd88bd162d900aaca8b1034ef3389b215ede6c62def30d0d2028
SHA512 8d444f7fd4d01d9ce02e007fccd1f9d60dca9f1d55458cf387f1f75f7144940ff53b87a44ce51de60ab1a17bd739e9b2ea2d623d3e1cf0b7fc49b127f72f228e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 6d6832e66c2159bfe39e615b5b37a39e
SHA1 5c44d148693a919331e40c987386f99c33368327
SHA256 d0d21d56f77dea927b2814ecfc1536a00a5d72d353a2ad559037ff7942ec7821
SHA512 4144eed821b131785d4edd6aea20ad82c5139fba537019b938158501835130d939fef36294333ba27cf311d2731228363ad67df6020a344055be870a65108f03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 b74487543d111f9cfd3c0ffa04aaa1da
SHA1 24029d8280e4d096c36a3a3ce5511752f7f66005
SHA256 1be0e8d91ae5503d65ac368d27ff045b13e10088f16b2a9129fce43751852355
SHA512 84605bed80a79e7879105f36968640ab481ff32c84b23342e1b82f3476924a40869ade9a60870d68704a4af4fcc63a7e1b290f524faa5311101ff2d568b12850

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3ac8d1a337097e125373f9a98a69564
SHA1 2bb0a854c14c7e18cd63ced455ee4aa813b6e24e
SHA256 9089a3a47534c6829756288a542545e8ec7d0cab4baf05f1323e8f15ac13f232
SHA512 9f42a8565c8c94493b0bc5f7843be7ea1edaae1b430db228617906f87c44392bd4bbd8c1ffba2bf01e0827fe4510e906a1ebece2bece92816ef3951f172d0173

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 c42c6fc96555f816489048bb3da1111e
SHA1 1d8ba600dee4c132596d15682d177bb8bb394a49
SHA256 f81637883df284389ad054873c4d6e20f41e74053c52b72af0aa7fd3fb5cb0ba
SHA512 d8070970c8dd18cdedefa2cc60fde0572f38dc06ccb653a71cc97bc375ec06f3e16e9d800a27f9f1e4d7ca1338cce5d9bc6acb87872b1caa59bd7c928ec21abb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d73fb7ce4a49a00fc7c93a0ec19737d4
SHA1 0eac5e186d27546ca12bead4252719be6a0ca9dd
SHA256 eef81734c0712f296b66c6cb617eb150105cd7696b6045c0313bbb248f1997ef
SHA512 fc120e941d5e1c7e79630e49351963bd899b4d6f73033b83f6b0d196d4da51a57d5c888be2c4bdfdbb35ccc4a34b28ce4021c47f8bdf73923bae1afd297dd8f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85b02d87388274e3c6dce7fd20e37bd6
SHA1 c24802afcba18706975fe603392c3c276d2d7b24
SHA256 8cd023f3ae0f5516d95af2e4b329390f2cae1acf22af5384ec1f7b6bea557116
SHA512 92bd253a2c58d863d43882b2349c9ef2caaad3aa09ab6eef3d3116efcca3f6f8d05fbcc664a7da195063066a0426d7a0fcec71363d101a426adf649dbdb79a6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32c77d77405699bc8df9a9f5e0c2155f
SHA1 251f49deb0a69f8ba87d9f71d0650493f7f2c37a
SHA256 df7371cbe218d2a6a193c91612994406a6a9d394ae59570198d280a76970ba0e
SHA512 28b45ab8d5816064e4afe6f38c14527797517efc6e90f0245c90618c0c56fc9415fd0e803af3aa74f4482be019a4a177ed016d9563c714494bfc3f192587ff6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d0315f23b704e9b0511fc36f6877294
SHA1 4b16368c0bff69e8d0f04159fbc7f7d9831107b3
SHA256 454a0a302935a22d32cab2b0abdb72998f68782cd1f767cc90369099c08c9eef
SHA512 05fcb8e1c9652950718fe3b79204bb629a00f378a32e439281bb443ad9427d1fc816e41ea5e207519def1d06cd4aa48aac88d7f0f7267ba9aee37e8fefe90421

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ab05afd5edf07c9be5e7293717fafaa
SHA1 624acdb2e322a848896459ba73016f978b53de68
SHA256 fff91edd8999eea127776f335e86e493454751dc3e4d6c9470c980cae3dfb26c
SHA512 58d606d28237adce0283bcef6e59bc980f8ae13b65eb9edd86ec1e2cc77ff50b4ce1b70a02e006b7c52afe4eb722cae3d7289c3735d74f7dff5fefa6593387cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9ca9dee2ce6c5fc470684be81224a659
SHA1 2c7491f47a3b7087e83daf5108efff8f3f21e173
SHA256 04af3ea1f1b403b205b9a07f191f430172aa6d666b3ff345bd119bbac1f2f02d
SHA512 e2128dfb0346ab4a714f97bbdbed412aa61c08a8436b63a886448825a433bc496296f779dee5db8ce44e99b3e71c954866843948b794a0045571941712a8e3b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 5110792deeb9d7884e1a73f3f010ed3f
SHA1 b1534f86b914d1a9915e1b89cb672461dcb878b3
SHA256 0146f3cf66826486e1393c315a642446ebb5d83ab7d3787bcd42077246c753fc
SHA512 ffdf26da9422ac79733b7bd751df4738f9d9609a383af40a4ef2a43ae7224c438ccff1fe011c52e4a377cc5b36c757fc062ed9ad3165943fa95a7f3f260d1de8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b762f9bc3751633229e08cef571c4b03
SHA1 54fada5d88b02487281fb3cdc777f5c910b708ac
SHA256 173b94c51e99df5156c32e240f5a797983b013307687db083eaf9ceb6128985c
SHA512 54a7e0fed95b0d04188d58fcdf8721a18c36dc7ae17953bfbe23a2d79c5636fd81e973c578dde1bdf3bcd2c44e7fe8f50eb8e6c70f7cb487df15d625f8b9714a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 97c2f8c8815ba4a8598ed8effda47e01
SHA1 603ba9f7df99ff232cc9c7ab6b39db42965d6f25
SHA256 d39f078bdd824ed88c0e80477453cbd4b8d85dd7230df73541e2561e6fbb0e5d
SHA512 aa11e45ab611db007efb241a73262aa2e1f797b8d01f58e8dda4851835f7ff62c8ee5b29b1ab1562250b69a5cad11694528f037f4deb942ceed394a30f336268

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51a5c41e7c425af15b8064cb469246cf
SHA1 1a53ee5fea7db6a02052277d02de774f530f69f2
SHA256 e8c0fd826c6894b3fd6dc6e55b1d8a63f8b09cd603e8cb7566c1c2f4a28fc1d5
SHA512 88e2840f8fe23a345b8dcbe128471d62ab27b792b7afa16d5d66b02a4ba49371945a9fe39b1e59ed6c27b028faceb7035a64bfd29fb9b06dc76ff8d325376620

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d023de0f9d3c4ab44e0799085623d763
SHA1 99abb9c6b2a8cbad201c7c9195e756d61ece55b5
SHA256 7e232ec1a0a573340b15637cb636f7a0085b840a03b59f157c3c6627e43512a8
SHA512 bc64a1f1e7d924b65bf0408aaad52c59311116b09b4be92dcfcf93fdfefbf543604c46f212042ff17cb6725e40533dcab50b4fc52ca933635548ac969c3eac25

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22f644bf5abb74b196ac9cb941dc4bed
SHA1 069095c96fcdded87c9a185ab339f784130001c0
SHA256 e442e7007cf5f852a080ad046d26f345133991852cd923b017e28095d1ab6939
SHA512 d435d8d23e6e16fbddc763ed05d63e8999ebdf03449bb7a81091c50bc6d121dcbe900e8c4c450fac09025fa2bdc5724128c6daa31b620b9478bce198d3e29197

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92a71ece5233718cd65c56bb309cd496
SHA1 d1125c4ac7368b65db27b64ba49d19d51994f988
SHA256 432319be29d01eb6d11c815e27cf163fee518f942364429230b1480fa472be87
SHA512 1780fac6155a189ca8724ba0cb9880b1018a80187c095393ff326624fba901193e00e58e5ebe426991bc9d5433191b1a66e62da8794368add8d90c0121736f31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e81432751ffc40e7a670d7f59a22f782
SHA1 18cffd81b20c62b045b427e94e77b3c7b9fd548b
SHA256 b5505233f99081a6e14a6c4f056d7b5286c3ed9ac64dcf8c45fe23555a85fa98
SHA512 277aaacbcfdae1269d54d614290863631e18a754efda8e9a2f0b8513c1a18bd7a55337cec1df518b3da8eb9d0bcc1da93761ab650ba69336672bd256dd3d4118

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a1e7dc0a3aa9b3c50c9c732bede80a43
SHA1 f7c4b9cf15223f7160c5badda855995191ce04de
SHA256 d1ddfdf6b2371a4804e72f2515424f77298fd6d0e0918831a00e02c3e5f6f565
SHA512 b1cbef6164f5422da7d8da6ae9a6db3edc46eb29df7a3ed65c1733017cc0a01f060f956c846c2ca903ba1726e76e84251f07f821314ca0ce7c973aa412d5f06c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2821003a7e61638ef3b7307afbbdc915
SHA1 5226f505bf1804870a7b678db95796b5b6808a7b
SHA256 305530bdbc375c85fd8b027b3406efaef5017198f6a8a3af4a2e94491161f039
SHA512 6cde3327e5eefb129f88d21d8f8a582f29cf3a9be4b73dfda83f9278951f817abf4e9e3542df8df2680d691c9531ad799cd650d599a657642bb06f454f2f7180

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0cc36020d31ac58d1d36b99f81f5eb46
SHA1 425c06e750100c7b02b8b497c6cc233704985046
SHA256 d644508b7c8c04655db751c554a40a97364a5a7fe0b9e7e513633f86650291b6
SHA512 3f5b0b0af49683cf35b967ed0ebdff2b20904eef4ab7a0fa3c92f67a3b62038f655b8f8460b603a8f0bcde81d9aceeaa08291443c3484acbf5eb8956f88f97ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c4d6c9bbceba31d3f8f329ef63a1d99e
SHA1 3afb39e085d224953389e9c050c05229a3ff0ae1
SHA256 3cfbad43ee916cab985e414770e59f4fe6d77338ed601457d2de7b20bcc9001a
SHA512 ec2502f60e784bf39e08552afbadf39f7a2be03365ac68b42403858dbca65ae5fecb6cb72df0489a77dd8619bc9ba51d52fb82f36bdfd0a9e17890570552c1e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a64c82d9003e42cdf15a229fd016caa
SHA1 43530fde44ff26dea2baf5838d4efdf8aa2ac47f
SHA256 a49e5c3874f566b1c8be2908f2be4828755ac376b8ea1a3e74c47a9b7e866301
SHA512 d3b2a294935f6d572a7875a6f4a16a50cc94ce8c23b66ccd55daef03f6e3792f1e83879e2c359452eebe9673bc1285e3eb751f053322d7d4e3111941ed7cf6fd

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:46

Reported

2024-06-13 07:48

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47d1f1dab69ef36f3ea1b3e23ab471a_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1472 wrote to memory of 1180 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 identical rows)
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (14 identical rows)
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 4668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 4668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47d1f1dab69ef36f3ea1b3e23ab471a_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba6a246f8,0x7ffba6a24708,0x7ffba6a24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13162409962914342317,14863305597093882966,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,13162409962914342317,14863305597093882966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,13162409962914342317,14863305597093882966,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13162409962914342317,14863305597093882966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13162409962914342317,14863305597093882966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,13162409962914342317,14863305597093882966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,13162409962914342317,14863305597093882966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13162409962914342317,14863305597093882966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13162409962914342317,14863305597093882966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13162409962914342317,14863305597093882966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13162409962914342317,14863305597093882966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13162409962914342317,14863305597093882966,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 s.w.org udp
US 8.8.8.8:53 www.homedesigninstyle.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.homedesigninstyle.com udp
US 8.8.8.8:53 st.hzcdn.com udp
US 8.8.8.8:53 www.ikeahackers.net udp
US 8.8.8.8:53 st.houzz.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 612a6c4247ef652299b376221c984213
SHA1 d306f3b16bde39708aa862aee372345feb559750
SHA256 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

\??\pipe\LOCAL\crashpad_1472_LCBARCPVGMCPFEEJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56641592f6e69f5f5fb06f2319384490
SHA1 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512 c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7916b61f9d1216bed2306227b572f492
SHA1 ce90504a555b06019e3df4ef6e96154f50a78309
SHA256 60fd7d139301724d1ae082c54c5f99a1d28a10cc6ba093524c70d40fad62dbbc
SHA512 139502bcb9b3d30393499defa22a40b832717ada36b37a99ad09032649bedaadfe7dc7d570ee0a4760a9b8a9cc8ae279d5da4080ed5f32f7bc59000b63e01e25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7a6a25e094869c3fe0e6c7d6639c3f3f
SHA1 f85bd5a40847c034557832828ff74f7e941f72b7
SHA256 6647aea5fbdf233bdabfc556f5b845b5893f90ecbbb29c11d5cf0b5055505e2a
SHA512 535a4ff29dae1493d55ea3bb3148dcf7788f97f6a08913c6abf2dc0c14417439d45223e949a9c35357ada0f65f7a0b786a5158525e84e1620b139f36c6ff2441

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6e11ddc51dc60db32c35cc7989057de7
SHA1 6766ee87e5d4f32b483b90e3cec153f091137370
SHA256 a022fce7a6dc65bd0748df3dcc349b2712d01673cf35c00f40a902ba4517c3a8
SHA512 928b6f4f1773bc454d4675df47d537445dd452892a7f73f20b609379dc050414a4bffd9a578a1c5c7d8100418addc7820d5769c69b0c27a2103dd61637358095