Malware Analysis Report

2025-01-18 01:58

Sample ID 240613-jpe9hstfjr
Target a47fefc28469aebcfed09078ca8fdf44_JaffaCakes118
SHA256 9dcca00c905a9080c9a675e4c9394c68ff0813427a541004075120130f6d8263
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

9dcca00c905a9080c9a675e4c9394c68ff0813427a541004075120130f6d8263

Threat Level: No (potentially) malicious behavior was detected

The file a47fefc28469aebcfed09078ca8fdf44_JaffaCakes118 was found to exhibit no (potentially) malicious behavior.

Malicious Activity Summary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:50

Reported

2024-06-13 07:52

Platform

win7-20240611-en

Max time kernel

136s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47fefc28469aebcfed09078ca8fdf44_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000123f12245fe1c281955c1d2ba12153a34a0784b872d250672979f578ee413e86000000000e80000000020000200000000fec61bd7b4602e13c9e29248acd2f285b5abef9893ea0f94c65362455637c1b90000000a978567eaf9b4020f59fe7d6eafcb1f9c40a95a97eb174aa4ee4789b2fa2a4603ad3093bb9df774e0ce79b988a55d55c01f75775d8c5a730fbc41aa3f4bdca4451d190d38fece07d814a01708265baa874a0df94703745dd9bc1fbf97f68b6aba6505d18a60b74158c47848b46830ea5fd409348076b592d15c284f37bfe896140e187b34d247e85abd9a40a637d7ede400000009605b2c5bafa314907e6989d0604a9ee08235fc4d10ec8008127e24f2ddc631329a1b63bd8c7f420b57aa6025812c0acee5552bbfa887de6e6b248ac73821793 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9921EBE1-2959-11EF-9E46-6ACBDECABE1A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000388be9864862eadd059fd0eaa2140367d0f90d47e706c1adf9fe3b79fe26c189000000000e80000000020000200000002a650f3de470f20f1d0bdefdd4a24c2cbbc600f9631b0051e5f35199915f224320000000249ee6f94040b414c4325e314a95f246f95a0e070f2a93abc518b29fd13b257b40000000711be0dd403dbc2974166a6388dd0dedd52f58d7592fbaad3f58df4e08b4a2644dc3e5ca8a33c343a5a45a8a7291b94f14f9aee25d4d2f7f664bd057dea3a626 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0e2c66f66bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426897" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47fefc28469aebcfed09078ca8fdf44_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:50

Reported

2024-06-13 07:52

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47fefc28469aebcfed09078ca8fdf44_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3788 wrote to memory of 3432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 3432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 4204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 3720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3788 wrote to memory of 2488 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47fefc28469aebcfed09078ca8fdf44_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16143008820447765894,7351845463243057727,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,16143008820447765894,7351845463243057727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,16143008820447765894,7351845463243057727,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16143008820447765894,7351845463243057727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16143008820447765894,7351845463243057727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,16143008820447765894,7351845463243057727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,16143008820447765894,7351845463243057727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16143008820447765894,7351845463243057727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16143008820447765894,7351845463243057727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16143008820447765894,7351845463243057727,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16143008820447765894,7351845463243057727,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16143008820447765894,7351845463243057727,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 buro075.nl udp
US 23.53.113.159:80 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 439b5e04ca18c7fb02cf406e6eb24167
SHA1 e0c5bb6216903934726e3570b7d63295b9d28987
SHA256 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512 d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

\??\pipe\LOCAL\crashpad_3788_IRSUUVJZPTXSNERK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8e767fd33edd97d306efb6905f93252
SHA1 a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256 c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a909282e2bd18d6fb4eb21f61b920b9c
SHA1 a0b8b308e8764cb0227451fa69290b034931900e
SHA256 5d8356011259109b0d0e78a129ddefda18c4688924d10be9341e1e164c91c720
SHA512 07fdc289166410bc731bd00c87f6ef7b4d84128579771d4b75d9ae810342d053da00591abc83539f3b336d6c1943f860ca8743b054d88a1a44d96757918f70de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 eb4deb27c4ab7fa1e1639e0c950a34bc
SHA1 de700c45ecc3dd85017b6c8e236d55cda717403d
SHA256 931ce028a9782dd1769c858e9760726b2bd31f545a91eb078d8eba6fa5634698
SHA512 85fd15c2d89636c2b3ddac2058f5f7d58c572ed88075f9fa94cb2c9c88f03b5ba04262b1213a2fb2cf8f9291772c5e2a5b12e342b8a69ebf044c5a986daf90b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 073bc02178b41c5996be2813ee25e59e
SHA1 07eb270627aea7111055050f4e09551550544ee6
SHA256 e0493d932b721cf86d4e1185682c2ff09aa300b678bc9654dec2ae44acdd7e09
SHA512 04b645dff840a7b50702e19c2816dd83b2dda24a6935c5f7419208929c770aa21b578a33bb2242ec876f23038e9fb2d032083950893d667994031af0bc2fab82