Malware Analysis Report

2025-01-18 02:14

Sample ID 240613-jlvvsstenj
Target a47cff1200726c8cfec12690f738c09e_JaffaCakes118
SHA256 19483194da80f670331bbd830a8a01f8e1d1a8cdaf2729b90a00dd2704365e20
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

19483194da80f670331bbd830a8a01f8e1d1a8cdaf2729b90a00dd2704365e20

Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file a47cff1200726c8cfec12690f738c09e_JaffaCakes118.

Malicious Activity Summary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:45

Reported

2024-06-13 07:48

Platform

win7-20240611-en

Max time kernel

145s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47cff1200726c8cfec12690f738c09e_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F8CF3A31-2958-11EF-BD87-DEB4B2C1951C} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426627" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30996bd065bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000009924ae1881370542047fdc59685a228b5d2db20670a7843142961c58eee01159000000000e8000000002000020000000dc640c2011b6bb553c22ac73c66e58100067062297d3eddd2b0729d5362907c9900000005c20251b1cb93837109f20ea5fdc9ee464e1e19038c5803c81cb92ab5e554a5c239593386113c580017a66b980d699232e43d76c119758598ab17aaf39c54a8c028119b54039867d3c8181e6946a0e0e13699d54475888ae352dd2a883a7d8903db06116ae430af0a05f08390e1a25ebc0815a372861fddcd8185d2ab8b5279bbc4f8cf47c75478434c03f45d80e406840000000ebe43bc892421424ebdba05a7db4bfd3bc77b9eaf1c7ce43b3f1f83e6d366af364288da63a6473839c2e4650c33df7afe91f4afd89cff08758194566b5e81b24 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000014a113ecbf3ddeb7f9b02123db567125e69fd8c8e673ec0a7b015f2a01f62d90000000000e8000000002000020000000f8a912cbd3f3967841ec0f49ad78e424604926036940efaeac6cfc039c8cdd60200000007c4b814c11964c4a13cbd90d8333a39bb712d4221a048bd3a8fb753570f40dc040000000bd1f6f9800a719e12835678307dbeeb33941f4cfb161e6ca63f17e4cfde3ce574ef3fd976abdfbe394e8a681a88a8bc29e13a39df55195ac7773af3a8b539529 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47cff1200726c8cfec12690f738c09e_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 img.forum.ge udp
GE 188.93.89.67:443 img.forum.ge tcp
GE 188.93.89.67:443 img.forum.ge tcp
US 8.8.8.8:53 sab.fast.ge udp
GE 188.93.95.26:443 sab.fast.ge tcp
GE 188.93.95.26:443 sab.fast.ge tcp
GE 188.93.95.26:443 sab.fast.ge tcp
GE 188.93.95.26:443 sab.fast.ge tcp
GE 188.93.95.26:443 sab.fast.ge tcp
GE 188.93.95.26:443 sab.fast.ge tcp
US 8.8.8.8:53 forum.ge udp
GE 188.93.95.26:80 forum.ge tcp
GE 188.93.95.26:80 forum.ge tcp
US 8.8.8.8:53 code.createjs.com udp
SE 184.31.15.48:443 code.createjs.com tcp
SE 184.31.15.48:443 code.createjs.com tcp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.66.137:443 code.jquery.com tcp
US 151.101.66.137:443 code.jquery.com tcp
SE 184.31.15.48:443 code.createjs.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:45

Reported

2024-06-13 07:48

Platform

win10v2004-20240611-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47cff1200726c8cfec12690f738c09e_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4952 wrote to memory of 4136 (2 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4952 wrote to memory of 5016 (40 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4952 wrote to memory of 1636 (2 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4952 wrote to memory of 3532 (20 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

All 64 events have the same writer, PID 4952 (the Crashpad named pipe listed under Files below, \??\pipe\LOCAL\crashpad_4952_..., belongs to the same PID, which marks it as the browser process), and writer and target are both msedge.exe. A Chromium-based browser's main process writes startup data into each gpu, utility and renderer process it spawns, so same-image writes between msedge.exe instances are expected for an HTML detonation. The case that would merit attention is a write whose target runs a different image from the writer; none appears here.
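The check described above, counting writes per target and separating same-image from cross-image writes, as an added triage script that is not part of the sandbox report. The rows are rebuilt from the four writer/target pairs in the table with the same multiplicities; the final row (target PID 9999, notepad.exe) is constructed and not in the report, and exists only to show what a cross-image hit would look like.

```python
"""Count and classify 'wrote to memory of' rows from a sandbox signature table.

Added triage example, not part of the sandbox report. Rows are rebuilt from the
WriteProcessMemory table; the last row (PID 9999, notepad.exe) is constructed.
"""
import re
from collections import Counter

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
NOTEPAD = r"C:\Windows\System32\notepad.exe"  # constructed, negative case only

# Row layout: "PID <w> wrote to memory of <t> N/A <writer image> <target image>".
# Image paths contain spaces, so the regex relies on each path ending in ".exe".
ROW_RE = re.compile(
    r"^PID (\d+) wrote to memory of (\d+) N/A (.+?\.exe) (.+?\.exe)$", re.I
)


def _row(target, target_image=EDGE, writer=4952, writer_image=EDGE):
    return f"PID {writer} wrote to memory of {target} N/A {writer_image} {target_image}"


# Same multiplicities as the report's table; the last row is the constructed one.
SAMPLE_ROWS = (
    [_row(4136)] * 2 + [_row(5016)] * 40 + [_row(1636)] * 2 + [_row(3532)] * 20
    + [_row(9999, NOTEPAD)]
)


def parse_rows(lines):
    """Return one dict per recognised row; unrecognised lines are skipped."""
    events = []
    for line in lines:
        m = ROW_RE.match(line.strip())
        if m:
            events.append({
                "writer": int(m.group(1)), "target": int(m.group(2)),
                "writer_image": m.group(3), "target_image": m.group(4),
            })
    return events


def triage(events):
    """Summarise writes per (writer, target) and pull out cross-image writes.

    A browser process writing into another instance of its own image is how a
    Chromium-based browser bootstraps its child processes. A write into a
    process running a different image is the case worth a closer look.
    """
    per_target = Counter((e["writer"], e["target"]) for e in events)
    cross_image = [
        e for e in events
        if e["writer_image"].lower() != e["target_image"].lower()  # Windows paths: case-insensitive
    ]
    return {
        "events": len(events),
        "per_target": dict(per_target),
        "cross_image": cross_image,
        "writers": sorted({e["writer"] for e in events}),
    }


if __name__ == "__main__":
    summary = triage(parse_rows(SAMPLE_ROWS))
    for (w, t), n in sorted(summary["per_target"].items()):
        print(f"{w} -> {t}: {n} write(s)")
    for e in summary["cross_image"]:
        print("cross-image write:", e["writer"], "->", e["target"], e["target_image"])
```

Run against the real table (minus the constructed row) the cross-image list is empty, which is the concrete reason this signature does not move the score.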

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47cff1200726c8cfec12690f738c09e_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb10c746f8,0x7ffb10c74708,0x7ffb10c74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8189258754485656622,11780120809578699384,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5192 /prefetch:2

Network

Most rows are what loading a saved forum.ge page produces: DNS through 8.8.8.8, HTTPS to the forum's own hosts (forum.ge, img.forum.ge, sab.fast.ge) and to the script CDNs it references (code.createjs.com, code.jquery.com), calls to bing.com and www.google-analytics.com, one multicast mDNS packet to 224.0.0.251:5353, and PTR (in-addr.arpa) lookups of IP addresses, which carry no page content. Three rows do not fit that picture: TCP 445 to counter.top.ge, and TCP 445 and 139 to www.google-analytics.com. Those are SMB ports. A browser has no reason to speak SMB to a web host, and the Windows SMB client authenticates with the logged-on user's credentials, so a host that answers can capture an NTLM challenge-response. The usual cause when a saved page is opened from disk is a protocol-relative reference (//host/path) that resolves against the file: origin to file://host/path, which Windows reaches as the UNC path \\host\path over SMB; the report does not show the HTML, so confirm that against the sample before accepting the 1/10 score.

Country Destination Domain Proto
US 8.8.8.8:53 counter.top.ge udp
US 8.8.8.8:53 img.forum.ge udp
GE 188.93.95.16:445 counter.top.ge tcp
GE 188.93.89.67:443 img.forum.ge tcp
GE 188.93.89.67:443 img.forum.ge tcp
US 8.8.8.8:53 sab.fast.ge udp
GE 188.93.95.26:443 sab.fast.ge tcp
GE 188.93.95.26:443 sab.fast.ge tcp
GE 188.93.95.26:443 sab.fast.ge tcp
GE 188.93.95.26:443 sab.fast.ge tcp
GE 188.93.95.26:443 sab.fast.ge tcp
GE 188.93.95.26:443 sab.fast.ge tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 67.89.93.188.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 26.95.93.188.in-addr.arpa udp
US 8.8.8.8:53 code.createjs.com udp
SE 184.31.15.75:443 code.createjs.com tcp
US 8.8.8.8:53 forum.ge udp
GE 188.93.95.26:80 forum.ge tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 75.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
BE 2.17.107.104:443 www.bing.com tcp
BE 2.17.107.104:443 www.bing.com tcp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.66.137:443 code.jquery.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 104.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 counter.top.ge udp
GB 216.58.213.14:445 www.google-analytics.com tcp
US 8.8.8.8:53 137.66.101.151.in-addr.arpa udp
GB 216.58.213.14:139 www.google-analytics.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
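The sorting described above, DNS noise versus expected web traffic versus connections that need a look, as an added triage script that is not part of the sandbox report. SAMPLE_ROWS is a subset of the Network table above in the report's own column order (country, destination:port, domain, protocol; the multicast row has no domain); the port classes and the PTR-to-address check are this example's own choices.

```python
"""Classify rows of a sandbox network table.

Added triage example, not part of the report. SAMPLE_ROWS is a subset of the
report's Network table: country, destination:port, optional domain, protocol.
"""
import re

ROW_RE = re.compile(r"^(\S+) (\S+):(\d+)(?: (\S+))? (tcp|udp)$")

SAMPLE_ROWS = """
US 8.8.8.8:53 counter.top.ge udp
GE 188.93.95.16:445 counter.top.ge tcp
GE 188.93.89.67:443 img.forum.ge tcp
US 8.8.8.8:53 67.89.93.188.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
GE 188.93.95.26:80 forum.ge tcp
GB 216.58.213.14:445 www.google-analytics.com tcp
GB 216.58.213.14:139 www.google-analytics.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.66.137:443 code.jquery.com tcp
""".strip().splitlines()

SMB_PORTS = {139, 445}   # SMB direct and NetBIOS session
WEB_PORTS = {80, 443}


def ptr_to_ip(name):
    """'67.89.93.188.in-addr.arpa' -> '188.93.89.67' (octets are reversed in PTR names)."""
    octets = name[: -len(".in-addr.arpa")].split(".")
    return ".".join(reversed(octets))


def parse_rows(lines):
    rows = []
    for line in lines:
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        country, dest, port, domain, proto = m.groups()
        rows.append({"country": country, "dest": dest, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def triage(rows):
    """Split the table into DNS noise, expected web traffic and things to check."""
    out = {"dns_forward": set(), "dns_ptr": set(), "web": set(),
           "smb": [], "mdns": 0, "other": []}
    tcp_dests = set()
    for r in rows:
        if r["proto"] == "udp" and r["port"] == 53 and r["domain"]:
            if r["domain"].endswith(".in-addr.arpa"):
                out["dns_ptr"].add(ptr_to_ip(r["domain"]))
            else:
                out["dns_forward"].add(r["domain"])
        elif r["proto"] == "udp" and r["port"] == 5353:
            out["mdns"] += 1
        elif r["proto"] == "tcp" and r["port"] in WEB_PORTS:
            out["web"].add((r["domain"], r["port"]))
            tcp_dests.add(r["dest"])
        elif r["proto"] == "tcp" and r["port"] in SMB_PORTS:
            # A browser has no business speaking SMB to a web host, and the
            # Windows SMB client will offer the user's credentials (NTLM).
            out["smb"].append((r["dest"], r["port"], r["domain"]))
            tcp_dests.add(r["dest"])
        else:
            out["other"].append(r)
    # PTR lookups for addresses the table never shows a TCP connection to.
    out["ptr_unmatched"] = sorted(out["dns_ptr"] - tcp_dests)
    return out


if __name__ == "__main__":
    res = triage(parse_rows(SAMPLE_ROWS))
    for dest, port, domain in res["smb"]:
        print(f"SMB to web host: {domain} {dest}:{port}")
    print("PTR lookups without a matching connection:", res["ptr_unmatched"])
```

The ptr_unmatched list is a quick way to spot addresses the sandbox resolved but never shows a connection for; in the full table several of the in-addr.arpa rows fall into that bucket.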

Files

Every path listed is Edge profile state under C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data, plus the Crashpad named pipe; nothing was written outside the profile. Crashpad\settings.dat and Default\Preferences each appear twice with different digests, which means they were written more than once during the run.

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56067634f68231081c4bd5bdbfcc202f
SHA1 5582776da6ffc75bb0973840fc3d15598bc09eb1
SHA256 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
SHA512 c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

\??\pipe\LOCAL\crashpad_4952_IMAOQFGZWVLHSUEN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

The four values above are the digests of zero bytes (d41d8cd9... is the familiar empty-input MD5): the Crashpad pipe carries the browser PID 4952 in its name but has no file content to hash.

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 81e892ca5c5683efdf9135fe0f2adb15
SHA1 39159b30226d98a465ece1da28dc87088b20ecad
SHA256 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
SHA512 c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 71a457bdae2a2858af3209bb4e5e29f7
SHA1 e80d4bbced8ad6f2c5ef36860f73a4ec7e8a8093
SHA256 e87889551ce495de7acdf59c4182e71dafa07b072179d1e83bd6b3b3859df4f0
SHA512 2d4d9c3175586fe4bee8d7afb6389fa4668a6d2a3a62f3bcbb6d1b8b58249f99cc7b9cc76ba4deba79043ffea4e708782251573a39ee98c1efcf23ae17a493ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fa220a3ebf16458ae622b609028f3193
SHA1 c3398528db4964cbbb7ec9472b35b092e5fdffcf
SHA256 b6e1ac4929af357061364e6673bc5af159b1402a6246fa9849b872e023ac5f34
SHA512 dd4f7484871060b6ad10c4d183834d2617019f515778cc7452ffd0806321da4ff601328c8f387f9f4853b1827866b979b386561bcc00e3b9bd012d1412b724c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 78162d80078d53c891bef618e1817e19
SHA1 72bfaef95ef96bed226cc153127b8e8a89e0d252
SHA256 cb7a0be32763ac05bc226b5dc0693c6528f85566351e02025cc5a34c238a0ee6
SHA512 a3f45b8a401804556f175a43ed602325b2ad1a192e96b864ed31a23f14f6c991b2137380d3809926191dc26ed71b2b591ea02a3d43391566aa70347693f738b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ec341fe98a75cb34729bf687e5ffb6c3
SHA1 521a4a1b09b90b144196fc1b36e8369894653cd1
SHA256 a4ed2a0c532296848c6dce4cbbf316ff243fed16e59e6c07036f8e906a58c2a6
SHA512 c0e467f7df28ef030bd4ac16edb81607598039c684a91ad30b7b751992c8f6f64dd25bfe337e26dc049e6abcf2f537e4cd87cd209a176994e90c61eb0635c128

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4f89310843e7df1b23e462f5cba2a2cf
SHA1 951ca55cce9801f3bf5643417e906fece85767db
SHA256 bb09aaafbca50b53f4f9cf6b8cca083b2c0c78a8851c3332df2ef47998cc91ae
SHA512 1a7c4467cfb52d6cd660cc93a4def20aa312087df425963b3d954c98ad0e3927a96f823f6fc3912a81b551f05e85e6954abc6f53642fcfae30dbc00d8c92cf9f
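The two checks noted at the top of this section, empty-content entries and paths that were rewritten during the run, as an added script that is not part of the sandbox report. SAMPLE is a subset of the Files listing above in its own layout (path, blank line, digest lines; the SHA512 lines are left out here but the parser accepts them); the profile prefix used for the "outside the profile" check is this example's own assumption.

```python
"""Flag empty-content and rewritten entries in a sandbox 'Files' listing.

Added example, not part of the report. SAMPLE is a subset of the report's
Files section: a path line, a blank line, then one line per digest.
"""
import hashlib
from collections import defaultdict

SAMPLE = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56067634f68231081c4bd5bdbfcc202f
SHA1 5582776da6ffc75bb0973840fc3d15598bc09eb1
SHA256 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

\??\pipe\LOCAL\crashpad_4952_IMAOQFGZWVLHSUEN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 81e892ca5c5683efdf9135fe0f2adb15
SHA1 39159b30226d98a465ece1da28dc87088b20ecad
SHA256 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fa220a3ebf16458ae622b609028f3193
SHA1 c3398528db4964cbbb7ec9472b35b092e5fdffcf
SHA256 b6e1ac4929af357061364e6673bc5af159b1402a6246fa9849b872e023ac5f34
"""

HASH_ALGOS = ("MD5", "SHA1", "SHA256", "SHA512")
# Digests of zero bytes, computed rather than hard-coded.
EMPTY_DIGESTS = {a: hashlib.new(a.lower(), b"").hexdigest() for a in HASH_ALGOS}
# Assumed profile root for the "written outside the profile" check.
PROFILE_PREFIX = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Edge\\User Data\\"
PIPE_PREFIX = "\\??\\pipe\\"


def parse_files(text):
    """Return a list of {'path': ..., 'MD5': ..., ...} in listing order."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        algo, _, digest = line.partition(" ")
        if algo in HASH_ALGOS and digest:
            entries[-1][algo] = digest.lower()
        else:
            entries.append({"path": line})
    return entries


def triage(entries):
    """Empty-content entries, paths with more than one SHA256, paths outside the profile."""
    empty = [e["path"] for e in entries
             if any(e.get(a) == EMPTY_DIGESTS[a] for a in HASH_ALGOS if a in e)]
    seen = defaultdict(set)
    for e in entries:
        if "SHA256" in e:
            seen[e["path"]].add(e["SHA256"])
    rewritten = {p: sorted(h) for p, h in seen.items() if len(h) > 1}
    outside_profile = [
        e["path"] for e in entries
        if not e["path"].lower().startswith(PROFILE_PREFIX.lower())
        and not e["path"].startswith(PIPE_PREFIX)
    ]
    return {"empty": empty, "rewritten": rewritten, "outside_profile": outside_profile}


if __name__ == "__main__":
    res = triage(parse_files(SAMPLE))
    print("empty-content entries:", res["empty"])
    for path, hashes in res["rewritten"].items():
        print(f"rewritten {len(hashes)}x:", path)
    print("outside profile:", res["outside_profile"])
```

On the full listing the rewritten set also contains Default\Preferences, and outside_profile stays empty, which is the file-system side of the report's "no malicious behaviour" verdict.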