Malware Analysis Report

2025-01-18 01:58

Sample ID 240613-jmaagszdja
Target a47d67d6846e32c9c5ca9c2e128830c7_JaffaCakes118
SHA256 be49d837b78c1c34c88d00b1025d86a77166a5de2cd9c40f86d28db474f6f661
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

be49d837b78c1c34c88d00b1025d86a77166a5de2cd9c40f86d28db474f6f661

Threat Level: No (potentially) malicious behavior was detected

The file a47d67d6846e32c9c5ca9c2e128830c7_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:46

Reported

2024-06-13 07:49

Platform

win7-20240221-en

Max time kernel

143s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47d67d6846e32c9c5ca9c2e128830c7_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ff63065fd33f0440b04408a17e7d4dcf00000000020000000000106600000001000020000000e508968902dc2e4841ca292ed6dc9cf6d396e6cb4a89efe87de52bec2a52e5c0000000000e8000000002000020000000eb1d4f635b7f90e4bc4f231d504734ae07f3ae14f7a4e3fcfea3445ed308a7c82000000068b8c247f0fe82e87ffc73a4415011352b289d947b72bd4ef21089be2185aedf40000000faad1feedad6eaccac2da2f5c0eb2787621081c2ff3679954d3ed60df1859ad187ddb716120b49d98125950e0e793690c2524dee24fe108b84e7b7551292805b C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ff63065fd33f0440b04408a17e7d4dcf000000000200000000001066000000010000200000004ef2df17fea9e3619f0b4287df38115195c4338844a538f02254fddf0630017e000000000e8000000002000020000000e57f7b802ac247fec5fc43235cb586414a016c46b35e4e0a5eb0ad07abab045790000000c36eb4bc13cfd69d93faad7d6b1078b9b6206f0e50309298d2f2fbfdf91ac784e127e71dae98d0fcaa50817aea87b824ef8e79875bd3dbeadcce016b67d9c612e9231b637e50b292e55798b034c64472b684b401adf965e2fe2f8317672b2b6e2eada889d0f63d14eb8432bfb7964c84058110f0663df3be08ab6ca9aad51c7a3c4d638ac2a8718e0374c6165b37f3e44000000094837a9773b19a121107d345f73f20a8e0c3fa987115417b7ada4b5e792796ac8e19da594572b6d7fc7873d02eec32e392c7401fe1009bfa881c16a39be50793 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426668" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0b8e5ee65bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{117A69B1-2959-11EF-8A46-EA263619F6CB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47d67d6846e32c9c5ca9c2e128830c7_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 asimp3.club udp
US 8.8.8.8:53 bc.vc udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 i.imgur.com udp
US 151.101.66.137:80 code.jquery.com tcp
US 104.21.3.156:80 bc.vc tcp
US 199.232.192.193:80 i.imgur.com tcp
US 104.18.11.207:80 maxcdn.bootstrapcdn.com tcp
US 104.18.11.207:80 maxcdn.bootstrapcdn.com tcp
US 104.21.3.156:80 bc.vc tcp
US 199.232.192.193:80 i.imgur.com tcp
US 151.101.66.137:80 code.jquery.com tcp
US 199.232.192.193:443 i.imgur.com tcp
US 8.8.8.8:53 bcvc.ink udp
US 172.67.218.142:443 bcvc.ink tcp
US 172.67.218.142:443 bcvc.ink tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 cse.google.com udp
GB 172.217.169.46:443 cse.google.com tcp
GB 172.217.169.46:443 cse.google.com tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:80 connect.facebook.net tcp
GB 163.70.151.21:80 connect.facebook.net tcp
GB 163.70.151.21:443 connect.facebook.net tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab2399.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar23FC.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 129a13fc571ef219fc4a9a78d1055af8
SHA1 06b36a65ac2c88db766c4da24c23fb8b1c001399
SHA256 54468907a8d89b08090804e8907abd9f8eb10a1e4ccb02b81ad1632767334840
SHA512 ca602bffcbe95e8a236709a4446316d8a8ed7dcfd7a4e74f92a1a1382bbe7e7fe63a2fccc3f4bcca1acf8b099a21ada524536009585d3bb6ff63ab469811c1e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 013adef526857cf926d7365b88009568
SHA1 7807e0de7f283f9f7595004f95a24e48eef16193
SHA256 2a7c27040ee018df288dd9d96375bc2cb0fb1874dd693f775626e1d2fefb3c03
SHA512 4fc46c31867df8d023781c1c85475f3cdbf1225754bc6fc755b827ca104cbe26ade71dc027c9edbf7bef1fd15cb8c8a66c279da658340155cdcb6246ff910b21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2274d9d3bad1d8ef7af9b43e46ed301
SHA1 9e64a5047005ebeb701e2422ff3288dfcc5be088
SHA256 f94d6fa6c00f7eade490f31dacd07146c3b661b2f777b26f80d4f1b693f31840
SHA512 ecfbd009acd977c2af5222aca4c2c719fc6eefa57ff90f82af9b4a7d498b3c4f0ccdc8cc83c72406b8050f4cbabf6962fd33454a6e458c6a8854d67841c58e64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3586c931bc5eec3c8fd2bc3b4308fa6a
SHA1 12a5a435347db821a10406c4d225cba917817938
SHA256 62f8f55c72a4d5e5503aa93bd09b94ddda3d01678351a0ed75ae3443cb61cb42
SHA512 acc008ccc6de88d60d0197874703e8e29d043a11782f718adcbb765295edac101b994cc88eebc1246d5d411fa89fadb5475886215210398d3bd240ca8bbcdaef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f9f9708463e556a191f7f2c6a44a458
SHA1 c613db3381c634b753d66414e513b06a9304f8f1
SHA256 91ac07be45a937fda8b84e13bfceba54c002d0471b109018cfb8c526f0380bd5
SHA512 0bddc6699dad3004c6962f0c734d6b0fca30cd01bb527f92e1db769a8a9903c1399f12e38fd491dc17dda7862291069bd7df210e937f6284e3089e5c1f691284

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0940cbada3431d7a5bcec8e6ca8d1ad9
SHA1 96c07a50c34ae7b3355ea6e406534e21126341fe
SHA256 15f2f93aa5a98d2b289780d5cae06e6450fa3db207410794108e88808548d415
SHA512 caf5d593e608ef9aa6e782105a67640e5dae72fcfed6518ad10fc0468294ff8c2841e6d6e3d33f89b68f52844f5c036008e2cac936cd35ef5077ea904828a7b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aecbf2ffcb8460ff996156f6e72b184e
SHA1 6ec3cce63ffd7a52d1246a545cef9d5e4738e0bb
SHA256 aab72d4fb6a0211123e204ace23447c9aa6014951af7610ff3a973b650db5bc9
SHA512 67792929a481991e476718a3eb145199fe72e0002404f8e92a438f50249792f54b2e7ebde7fb2763c52332d6fc1a78c30c5296a1c0cfc2ccb84c0195c37de448

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 329cde0e7ed220b71d8d9ea2caa07fb4
SHA1 26e04066ca7a3c63bed8c1e08874a8cdafc0a08d
SHA256 cab24ef20eaa308fb44a97fe10addc9e78401ad857457d80de3bff14d42d80ca
SHA512 9355c5825ad2c995133c79d3f80c4b6a71ccd345f578734f46e758627db1943b4ea71e6f3e68459e511191056f0546e695f101071eff17fe7b284b8755e38ca3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 949d55b3761103c05f1ec06918c2c9b3
SHA1 5fce4350eb74df9a871424aa7e79092bf99feae4
SHA256 01c7f4aad3eef6810bd340efbca4a71f021c42e13f638a24ed05a37192fea1da
SHA512 e9ceefdee6f3b700c39b2845561f81d001d215666106000440b6f7002dece28b1339783f4ce4f89d857ba88ee7bd21f2b1aeb2a9dab1461cf50ce582a3d2e1b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f396a0e5e694de47b38708ca368242d7
SHA1 1eeaf53da19ff51097bf0c59e19508f3b55c3f89
SHA256 eb07f004f13462492089218e232fa50787f24f00916a38cc545369bcace65455
SHA512 05b6c9ab6a2da6ed8c0b4f94d4a02f731c92dad9612bc4cea1a1ab10550e8d9df40bdd85ca60e877ffd6d8e5da1b56ac0b3c7895bc86edfdeaa58f5e3b2a6c7b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd75cab1d4cfc015e951dc279b569b24
SHA1 60c278f7f8ce73f06c5feff9fdc7f60e8fec39e0
SHA256 84245f0ae58d9414b10ac14e9ac61380ebeb1e61b904082d942f66606fa02ac0
SHA512 2382c0825dac2cace90e0a6116edce874a5b6ea7b8da01d614dc24bcc64fcff7243143d0526288e1d81ce9d714410ebdb8896a8f32fa01b28effed47cb166fc0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b5f4f15b46eb7b44247d12e6fb49d8a
SHA1 a0bf7ced0407ab9f3f74ee3b3ae8f718c9fae202
SHA256 d8895b84f7d06300614fd9fbac8e0663c28022d653156cad7335f2faea955b46
SHA512 7320bcdc27e051bc9fb1f8cbcba41ccfbed4b117b6a9cb25666c333e91598f6db18742aaa81bbfe162a68da4cd94d87bcb081a0a62bc0a68c4c058fda5e22efb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a3865dacde5e6f450b5142556d2f6377
SHA1 054357236c0ca35da6c91e2b22def99fdba66165
SHA256 8f0366f3b5b2db4cdbf3df00e213fd5f90c9cacb88a32bc0ba1d82f3f073f54c
SHA512 8b869abf8b90a7b276058a8c0d85fe1ea7f8bbcaeebec1b3d8f2e75a2b6e04b229cd6f55618babeb002387ebf4304470d757a1bc87bcebc4404c4a85691673a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 6aa2908f49d82055962890cf7cc5c85a
SHA1 daad86db039234079be2c96bddf64000d13c52be
SHA256 972f0fefc12356c33c41d46bd5f3928d6d683c32dd28dede42605190eb35ba76
SHA512 6997cf5660188d0480c15a581d41ffa2e4c02884bbd43a20cbed7eeab2a601144613176349320e61d8193c7859a82aef23bd754b1d7a4932cb838f47529a5faf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 005782b3af5158c2d87c7a8ff2edc239
SHA1 9571564a5522963102c9c25c1694947435663eb3
SHA256 f13dcb6d9f8466432b595f70fd4c6e2439b917d9ef8ad69fb84c7ff7d1ba9b10
SHA512 1c65887f6da65ff248f2858bca67937471c0da9fde54776ec9fc8ce94845df3b92918baade575af7821048833dba17aa858fa07ebd6d4fb166fdb62152d60938

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c34bc4fccb0a2eea15964d446165aa63
SHA1 da31dda4d9c42fe56205a35dd92ac758a2ca24af
SHA256 afd6e0f5f4a2f48c531d0e5adf50e9be718356782899ae1f1a1bcdb8ab1a33d0
SHA512 e4c6d40aee0b7e5366515346c88ae9440cb87c55300e91c951444ad5c621fb1c49c5922a6765b65ec1bf5ca8b504f30ce47a98401493fa3f6dab8737a8031067

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6e677d91691ee2c643edec5170420b0f
SHA1 668c1b24a02409e43789b94a324f47687d99a1b4
SHA256 0d1975f618abd6fde8d9f12a7485df32d103eb6fdcb9684684ebd52a18910c1b
SHA512 713ee772f3cb4df7b1fdb57decd862e43cf9128d98d5e229fba079c0d29e9866661f5ac5c29a28be4d5e9a03261b18d91b9d9244c6ffc7470bafb288e98675bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e938055044ff0bc785a4fa696af3a5dd
SHA1 ecbe3773d60d5175e5e1362f844c5dd61220f8aa
SHA256 b423440d6df22c40a69cec0712560c74e8762285244fa2bf0e633c869fa0978f
SHA512 4cbeaadc20563d0069e048c68b63d561e4bf4330b47cc619dc185999b32aef6f419d7e2afb4703f4fa889a49a28c52944a9cfe6d946ac74fe9761e8b923571cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f30daaa56da6497d41e2ee3ee43ac3b0
SHA1 8cd3228a89ce8c3b0d5b8320d852c4ed8a391e06
SHA256 01892e1b13be369157d353e1690bea3126ce50215eb232623cb8a760c51ed22d
SHA512 84152adc233fd67f2b727e4d2ccf11b6aa1efa1edb15f69a088fc7c108dd813d579a2adfa3e8a56d9d496897ed00e032681293b79822a72646fa2645b3c84903

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ea1fddd2a89f913cc4a7f40838158d6
SHA1 16068b52a76c38d458869da52d6299ae9e0167f6
SHA256 c2a4ba796c8a07534cd06f365b950a0f5c5ff3b325530203e636468563bf05bb
SHA512 a284c3a328990ab72c9e708002ee3e39b384b5b9732603be28cbd7e1c7ee5b1d49251ca913c7f439bec76b34f322fbf957ef1b9e5fb77c47231916892692c903

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 a7cb02b6cbfea5f4dddda554a2cc7d82
SHA1 f593b74d69d096be6937b905043f6d7b776515e9
SHA256 63ad7cc26aa7ff2090e95326805f07476f4bf8d5af7b0c09228ee189a9cd8a7b
SHA512 b8b6bab52b5990a5ac0625886af8d1a7d64cf4df95c42bc804ddb83161cd7b984a1e270ed22e2c7afe07cb284dba289be3a60ce602f5045682fe734b06cef605

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 441545ea95009db2dd0d313582a2e3ed
SHA1 6bb8d2d005de25df358008fc567881d1b1163212
SHA256 3be48c3fa1a725787e968851b2f96a7fbc1124b06da75d58f149ba52d1e7f582
SHA512 c389bf62d2ef0b2db92dc736acbd82362d4d489b67ab4bbf27a67198011471e03fbff803313c9a3bb45f369687b028adda93c2ff761f2a1a377c663302fd10b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 18750711879dc39bebbcc2b3a661b786
SHA1 b4b3a8b9d11faab257090d71f5bd9a42019c5459
SHA256 8430fab8656138866b90be6c65622bd0e83eca07ef3ad9e240bd0ef63451c26f
SHA512 d0e7b06f675546df996846db21d28f2757fa87595bf55968af57fd73c92da0a082b72c84f8d04de75aac6fc07c71ada5e1cc5fd48d0eb96a55c103dcc9748d32

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:46

Reported

2024-06-13 07:49

Platform

win10v2004-20240611-en

Max time kernel

145s

Max time network

140s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47d67d6846e32c9c5ca9c2e128830c7_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2568 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 2072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 1008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2568 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47d67d6846e32c9c5ca9c2e128830c7_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9526946f8,0x7ff952694708,0x7ff952694718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,15569151528002615337,14146528515904608751,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,15569151528002615337,14146528515904608751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,15569151528002615337,14146528515904608751,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2492 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15569151528002615337,14146528515904608751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15569151528002615337,14146528515904608751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15569151528002615337,14146528515904608751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,15569151528002615337,14146528515904608751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,15569151528002615337,14146528515904608751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15569151528002615337,14146528515904608751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15569151528002615337,14146528515904608751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15569151528002615337,14146528515904608751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,15569151528002615337,14146528515904608751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,15569151528002615337,14146528515904608751,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2720 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 asimp3.club udp
US 151.101.2.137:80 code.jquery.com tcp
US 104.18.10.207:80 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 bc.vc udp
US 172.67.130.232:80 bc.vc tcp
US 8.8.8.8:53 i.imgur.com udp
US 104.18.10.207:80 maxcdn.bootstrapcdn.com tcp
US 8.8.8.8:53 cse.google.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 16.43.107.13.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 137.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 207.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 bcvc.ink udp
US 199.232.192.193:80 i.imgur.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 172.217.169.46:443 cse.google.com tcp
US 172.67.218.142:443 bcvc.ink tcp
US 199.232.192.193:443 i.imgur.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:80 connect.facebook.net tcp
US 8.8.8.8:53 g.bing.com udp
GB 163.70.151.21:443 connect.facebook.net tcp
US 204.79.197.237:443 g.bing.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 193.192.232.199.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 232.130.67.172.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 142.218.67.172.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
BE 88.221.83.218:443 www.bing.com tcp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 218.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b4a74bc775caf3de7fc9cde3c30ce482
SHA1 c6ed3161390e5493f71182a6cb98d51c9063775d
SHA256 dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280
SHA512 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

\??\pipe\LOCAL\crashpad_2568_HDCOMEQFLKGQXOTO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c5abc082d9d9307e797b7e89a2f755f4
SHA1 54c442690a8727f1d3453b6452198d3ec4ec13df
SHA256 a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
SHA512 ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 23a1891e07fc8616c7975ec3d7f78a0f
SHA1 4bb80b56f4a512c875de05e922bae6bdce1b4f57
SHA256 a1aa26b6a9fc494f8bb34b69943deb782e539b4d3f030fbbb7c8bce4f2977070
SHA512 ad4dbcc06c0ee91a862a1a6053ccce7a62d5b3d4cd262eee383d26022115777b59f39136d583686fc97beec9402f7923d6af9a6f878dd75f1c1a122e4685f917

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1fa08992c4ebec1cbe90c2c19fabbe85
SHA1 0fffb6630bb0c5aeca191172f012c38735c7f130
SHA256 4630d25625f38664a390904b3515151e4d99a1ee089e8743fd4985ecda254441
SHA512 dc16480b7aa3b15ebfdcee8c1d0302b299f0cd5b4a0b1cb058613899add13e6693ec2d867c4480b5ffed4a5c612db8efd779b3e431f760a95f60469004cc1a91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 098b449a89a26c846b0d923bba4405ed
SHA1 a008527167ddee8ed4b943f66ca3a03be9a9e7d5
SHA256 4392700a93b4f6b5b4cd47769b63c4f9a4988a7819b82db7a088bd51eb82c7ef
SHA512 b7af41b90a15d50cf4e351f79071d558c3d87c305e292f00a03d4890a0447bbdfa3ae805bd71c2b9c23f47d9a44afb9a55917f7541642b28d4bd58b60de3a41f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4e348d56ef4f7e27d2504b01716dc721
SHA1 4757342a0dfdc114916b9761d4068830e1b63c32
SHA256 a1ddb2d9b5dc268e13b902447e9b99d167c3efdd4a0d48606f2be5a59c5aa135
SHA512 bc6b18062f8ff3c24ec549ce1a95b00717c1dafaa2742ff8148d02a0d2080dba50cd5dddade9c1955b243970d4d441550bf809ec81905cfd3307e22b1786b791