Malware Analysis Report

2025-01-18 00:20

Sample ID 240613-l5wmjstgnf
Target a500e00a9bb559210129eaae347ff9fc_JaffaCakes118
SHA256 4be19e449f388230cc277ffd8468512d94c6354cbab2b02181209303d2ab896f
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

4be19e449f388230cc277ffd8468512d94c6354cbab2b02181209303d2ab896f

Threat Level: No (potentially) malicious behavior was detected

The file a500e00a9bb559210129eaae347ff9fc_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 10:07

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 10:07

Reported

2024-06-13 10:10

Platform

win7-20240611-en

Max time kernel

135s

Max time network

132s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a500e00a9bb559210129eaae347ff9fc_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000dabef02a5cc7699dd1d26d0357fa1ae2c527d6a43307d8c8e7f580f78b5d5531000000000e80000000020000200000004ec2fafcfd1d704bc165a341dbab3d24876a0e0609c60cf8e46a41fe9941166f9000000031e38dce6f6d2bff023466db19b6337e0573901297829995fb8f14111fbd28575a6f93d547bcaab0113bea2c8c39174b60dc38c10f4c74e6db4f72aeaffba650b7a2169c04b8dcbd8cd7c243d0414fe29e77769e53eb4d5af6f3fcfa8e0c5b504f56703e8675d4469b725858abe31aa9ca8aff22e72440426d898a4d131693478cc4d98d3a7b1bc482005a0d382a413340000000b215fb717999ee2cceef74d2a6b350e417e3a48bce09659d6a301074b25b81a3f63eca54bfc4476be34f37e2b863ff738cb6ef1f717cc0bc915fc46051696e87 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f025ff9579bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435122" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C0FD47F1-296C-11EF-B47E-DA79F2D4D836} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000713952ec55543d94b06069f8e05695c7af07bde92813706da71b08f837f08359000000000e80000000020000200000008e955c30a14e22835ab6a077d0a47af24ec9412dad5c99b35f414ebdfb4c50002000000046cbb7f5f0334fafcc39ba6ea47fb1121b3b5bdf209b933a5a7c8b905c6cd56a4000000061d75c96c1dcfa287f6dd0300bed258321cfc1107ba3fd11bc64e7376c5cca2f9a39d6a3871ed19a2539b35cee1f569eb9e04982b4c316eaeb41374b34023a95 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a500e00a9bb559210129eaae347ff9fc_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab6682.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar6722.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 978f6b317c061fd04720a7a903a36982
SHA1 77679df44a19c77f65420eb251516fb98ea301f4
SHA256 945843c72e83ed61b1b9e4e33376c21262cf4e629f785de73991fbf1421986cd
SHA512 cbf692d06dd9bba5ad9a31783b539b0d68162e5aa73949e55a59af1aa96c51a109323b4f4077e661dcd764bf36a8bd047d347b76fc4bde29ad4c89be71d6367e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ce958f6d7f58446d836dc66c428f127
SHA1 38d26b246a7fd1c4fea64b04216ccf178eabae6c
SHA256 14874500bf2b3f4888ab26abd9e708d134f87d3f18f4999ad56576330429a9f1
SHA512 2da85734ac0318413f74913514cd181515674fcfe6bb8d2ae1e34e454a0a3327846fc79462e7745ca20bd4b1480dbad34023cd807619ed301509d94dfd800b88

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1963126309ad5de445c81b6011157d3e
SHA1 7c0d901d3f0f7bbfaf9e9a6158eec8da1e05050d
SHA256 60e735b020825f54fa09141b69afabda46cb34ca80308b05fe5dfaa6ba1a9e81
SHA512 da3c918b5245e490608aef6cb4bd51c168c14a47a0185f9db011e54f267ff70d3399ff66f3397ec3b8a00d71abd783a40c989a92f88bee59aa9c99a7b87f79ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e202e2cfa3a3f66992961ba356e1b37f
SHA1 2c2ab508d9bea12ac303c352ce0691f2f399959f
SHA256 45851f8e42eca66272e7cef44094e0f5eba3edc3b19e55c1c07a16aff35117f4
SHA512 09df905cd94ce5f9f539023c45cff261a19689bf44f5dd82319e6eed8b10f09e9b548dc82bd114ef47301d8fffca074f8f5c26d284ef4fcce957c6ae21d56164

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 71f1ca4c7e9da3bb03644a8532acda5e
SHA1 fbc464f3ca904f850742c0f3e75d6efaa5b6aec0
SHA256 08c4589695036bcf6e789e4fa4e74471faac218486c572103d585de296dd71a5
SHA512 b584d38cdb371361e3dac619b07dc7181411b7202e81c043d6b97c8b6d6344766cf87d9d832315d915e62c7f608d2790618cba752f59d01e7267e2f8244fd672

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 abbbfaca81997716a68557d1ee7f9a96
SHA1 362b8357f483e77462fb0b83a39526b72a8b4780
SHA256 6deb968a59f10f40fd5d744a5796baec2c095f33c868d2d57b40c377836deae5
SHA512 3bb22f98ffe34b3dba3bd659814b39d4c362daa85013856bebb13962c34da0fbf7c56dda6d9c442994871d3f7de295605157823ef23705387d3bf6efab6872f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb3795fbc157e9801b559fcb581ea86a
SHA1 23313a5069a9ba1ca600ded9b6dba279fdc5c482
SHA256 9a5f48e1da1154653b9b90c134b43f3a517b730ac6162358fd4b90e8b138f367
SHA512 e83ea035a266ee91ba6157a84d8e8587c35b6d847c6430496e04b2acf1b8e3bd3a349193f75d92c6483f3dff63e48ea5c055fff0e6ee19b069cfb5b7fbc5285d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 071de0e2597bdae146957c7102995d81
SHA1 b425cf49b5332c03ed435572fc64f766b937987a
SHA256 3255b507ed50872cabd089e92d4d56b42932fba5000cde2f3c9cdaabfbd0ab64
SHA512 0cbc8392d1b36be5752d5d384ee3ea3794cb9abf2c693954078757dbb0df4b0fb4dc7ea97d47f0b1e2b5679a2732a7c0028d27344355989845f9c198d816a77d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 67efd53adeb80f329e701d86a3c60b42
SHA1 e71281d6a2893234a162a8c9ac134862acf1c6ac
SHA256 21539ce7617e39acc4839038aeef4257a8c78d52ab67c702a40c5218c6328013
SHA512 535425f5de9a47efded9cd360c8060f88b29e8343b98bf074b15f4ae49fdabb45ed840bbcc57bdd6af109eb0756b9ee59cbad344f4e6f550d1f5473386147503

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 610a28e497033443c1ac3e00e12fae95
SHA1 e121c49e57ba07c31b5cba12e1d05ff090d3ebad
SHA256 de26877da4c24ba0bd064ce8b481e560586983177d1431837128ec1484846969
SHA512 70a2b2876532ffd9f7fe6e80c82817fe3cc501d74e239f9a9e3e96662c337b53724ece33a60e577d2499d8389058a4756a748eb13d272b3f76f87bbc75a3ad70

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 997ef91fe809b92eea178e21d6ff13ec
SHA1 0edb31c128bee217793c7a656ed4dfe94239199f
SHA256 1f24fbac73a5b9f1c7a5d112d6a250973b843cdb4a016a5a76030e37cb57fd41
SHA512 458f9930c0833818d9861fabf723e95dba105d026d22c4c18340e6d7d75fab21c2775ebcc93f58db571adbaace672fd9c228b9fea1aa627c2f3d9a7c14fa1818

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 684e42b3267aec98f9c970acc72dbc35
SHA1 b5e53fc063933af0b5a8e8c4720a9efab31afd08
SHA256 d4d1a6157afc522a9546c59d0b73484294e6c82cb0c0d0c2bd5bd1bf4f0ab885
SHA512 d0876b5e9d16d954f8cc4a34ae0c7bdb6462ea552ec279a9c10b0e9ed6eee23e1f04d0aec5585dcc67b71531ae97a8ba86ae4ef6ace24e00c30afd74a2763709

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c99ce839ec7c64b3b8194e8a74f7f9c7
SHA1 d015e57d979150882e7d2411b815a384bfcf6adf
SHA256 93e45bb27639f9a454ca8bcde3e624a3a813591931fb3cc5cf953e5c987a9114
SHA512 3657efe52d9846d8df7e0d4f3cac349c6b9f06bdb4e6d7150e84bffdf38c23ea8799538f2d70289beb2c33dc18d36b47abd248ecafcf817acefe6bcf2292b7bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2661b6b633e811c55bab2679c90af55
SHA1 e672ae826d62a499bfd29cd4b0106d87a946a12c
SHA256 c94790f1d9b93c89df02206c8a5ca3a43843c0a0db370e35ac7b8fe47c5d2e06
SHA512 366f55995e1001ad53c992b01e8cf5fa9cad023a5d59cb361743428e0967a0f02d51f04ab4cae5fbbead67221e778ad3935281a211c5bd9ec5f8922b7515561c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99a1c9f6ab67fb3ec2867e849ec2f26e
SHA1 0f8aaae00445c51378ca7f176d53b2d087fa516b
SHA256 c75cf1f23b353769e4e2232f915195b587fe8e84cf3265b109b17919753128ec
SHA512 95554f4b27152e4aa315df63f0fc1e5d44d72637f2ebe49bd0f7e839b2076d626696c9985c082ce88aa91e07f5b8945f7542e1647fa2df6c562df12d20c4dc9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 14c0ce4ba86a3635b4f7688eec403ae7
SHA1 ba664d188f8dd0172869f76045c127306517b1a4
SHA256 a7de09e514729870bda523f872aa2a2ee2b86235a0bf8284cd2ce5b1c9f8a031
SHA512 ccb0531472501412679f6488f77f758eac9183a757f08a4b328c1df2bcbbe3e2deafc41e77844c93fc5ee618577909feb8a980120079bf9cbef9dc34f79b5ff6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e628c6cba737f06bd17d0e33e99e3c4
SHA1 3c36ea5396bbd6829a686817989aa40dce877ec5
SHA256 f09d6731c3db128d45108dd36aa9f87f85ce2072b8fdf3022eb1c6a43d90e47e
SHA512 3f41789b83a65d8eb8a8f674acd87434cb58f19c39ccc78dadf71f8daacdd2e2d23e6b14b7cf5a17159788ffef5dc83e2e9d59416f788a16a3d5907536b3f7ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cbfc87eaed2791793837d75353f8039b
SHA1 cf7169408c4078f7d80ef6325942a1a3b82f89e4
SHA256 8b5ad784ccb9011617b444f05310d7ac839f189ba3135a8c3a0bd3645fbfb4e8
SHA512 d40887f2f38f09011629d73e339d02e90a1d00db4689406ca6830d9cbd212cde181888c648f9c2e7b6da5bba7388cefcb9c12f55b2a43cc0edf4576d883806fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cce651eb929480bb13ec73f20a3dde68
SHA1 88c4a0227411f1d54d5ef47a06c4170a3a7e085a
SHA256 1594ee00c9ea0ef658b5b2a94b813fc13790e6ddcaa6f18ac0f1e39bdf72155d
SHA512 53ac291871795fd42e09343347f8a1ca33caa7f5ce5d2253a9ec864a027822d1eccf9eb3258ca916ea7c10baf7fc2b4786069299a08ba9737ef87f5de594aee4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7db0e870668b84aebf5c3a2440a6890
SHA1 6b7cf4b70a69105c4474c7c7455ef4b7f788186e
SHA256 bf852f9dd215dca805c4de81fe0300cde6effebf1d4fe42018a454d46e9c97fc
SHA512 10bce836fa3c00b8309c152310d7a3c32fd4e7edfec8070501e276cceee3817c51962e5cee77ea304536d917303c9f5b9dd9b721ba99d374c013438da27f2521

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51db968933a6a3e908ef1ff74dcddbf2
SHA1 d91f7603597b37cedb31fb7dd11c7152aaf2679f
SHA256 3ca5efa90964e75a0b21b24e234fb2ef6fe89155e5440bdbfe33a88c6954586c
SHA512 0733090cbc69a2b664b642a5aab3d6b3f5e74d8a6e9584be945849b9b943fceb375930cae5d87efb3b1915f4132ee6c12567774c6ba7b45ba1052bd7ba05b600

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bedf416b1da67578d03bb81e0af71e77
SHA1 916f05be320362516a545b35f952ca35452d17d3
SHA256 421f8fc142d7ab5f00054f8402b38617263718b140d0752df0a99569ca4ffafc
SHA512 697a64d4ee76f90d514e851dc04e88ffe0c39181c061951203afb00d273f2f8d1155e6a6f3fb29d484aa7d4d42e2aede6ef9ab59ac72609f34f34b9d2603f6e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 395032969f4a889fa1e9c1b568ffa3e7
SHA1 f81e0ddc3a152338e4c8935d7daa8934d8cc7ae0
SHA256 4af88ddad24aeb411fd37af6903722b3849f452090e513ec0381cef58936060d
SHA512 0e51a4906a4b460c287a887bc4451d226ca87eaee389a82f8a084a1b2296a7af667c8d15bca7528dad8053a2bd06f640aee04feb61c2bc535a708e0869b9f440

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f74cc869c3206e8f61aad668ec133dd
SHA1 7fc7d47206df188145ff69c9be99e0e5f406d1a8
SHA256 34770778f79c377d3e8956b04f501327c6284fb0491164748ea5f5beaa517f23
SHA512 7dfd848466594e30decf006c1b5ec2d73840853b01190af13811a66a27eb554aeef19cc5de80243ce57dfbd051e10227b552c5c2ba8fa1628c2e7c47f8247fee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4f0d60ba3e6f337c746f51e756201a3
SHA1 3feeb1830f8b1674f6c18a30831fb7a2b67eb947
SHA256 c3cd73b8d75329035148a448a78d9d49ecae6655fb6c49a560d2a810ebfd9cb5
SHA512 3d6778cbfa284302e54208bdc6c44079276c1c9288c0f3538f6b3a66d8a387b5ced4f3b5967c520385496712b451ad31c1158a214df073ba3ab0aded81694045

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b574e37fa64b5af68b420fe9b1357df9
SHA1 4561180c2ddaf7b0aecbcb0bf0b7d791944f5033
SHA256 1829822d9d9644df2af7de4d6ea9a9e4f4396fbc6de5de85c2cdb5e49d57486c
SHA512 d02fdf354119b745b4bb1cefd922fbfa41245486309101728a741ef11aafcabf58b8734a869f25eab0a8b1b8b6f404453951a68a09ce06b447d1cf5c441d0e76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e83c577943237b8fa67a546b5fdb4799
SHA1 27b3ce6797666ddb6eb8dc8fc35b19e16b673d1c
SHA256 f9b59f06eb5e1d01b38a550356efb20f6849ba464c8c7610e71b69de2c4a68ca
SHA512 2190a02de2c48168c2fc85c5d7a7c84e0e121c0d1c331294c50c515bd5649e70c6ae4e4028786787d6581d0b9cf535941f8c1a04cbd2ed75a480eb64f1ed2bd0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21ae268bec982a0eedb6d110e40ab9f8
SHA1 7431a315fa63e45512fa308d95227283470033c1
SHA256 70be7bc23a86bbf5ed8a39a5e632003d32d000cb59908d0be7a752e528260a48
SHA512 61efa4b790f50b086e310e3d8be3b3ec6366f504219f7309ffed57a9509750de13fe9b0b0986e3182e0543a7d4858724c5def3fae0cd5ef259f64bc0d5c42ef6

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 10:07

Reported

2024-06-13 10:10

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

124s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a500e00a9bb559210129eaae347ff9fc_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1844 wrote to memory of 536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 536 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 1240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 2300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 2300 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1844 wrote to memory of 3784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a500e00a9bb559210129eaae347ff9fc_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe676e46f8,0x7ffe676e4708,0x7ffe676e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,3342970615845559632,296414933406996161,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,3342970615845559632,296414933406996161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,3342970615845559632,296414933406996161,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3342970615845559632,296414933406996161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3342970615845559632,296414933406996161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,3342970615845559632,296414933406996161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,3342970615845559632,296414933406996161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3342970615845559632,296414933406996161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3342970615845559632,296414933406996161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3342970615845559632,296414933406996161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,3342970615845559632,296414933406996161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,3342970615845559632,296414933406996161,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
N/A 224.0.0.251:5353 udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_1844_BFVYBCBTTJODQJXQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2e72d6dc379d148f0d10fbaa440ad02e
SHA1 5ecb8ced55282fbc9eb49ab66250097184324fe9
SHA256 be8ff4ac9c2529b6802a8a8f3697a77071a1fd647dd0eed40365fc0cef184a7d
SHA512 f65c9924e5daa6d26805bdff6f11cfda8feb1fa11c9534312677deb51d90837b257a618fdd14c4f92766490fab61de87c987b6b02759a625ff847f9965fd89bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2499671563a5845db3514b5852ba42fb
SHA1 2d4f3a24f5e3f55305d699869a1e25b14ecc2166
SHA256 127c5766303c681a329f1c7ccd3617c65deef1800bfaffc9f2ccd1218b25e0ed
SHA512 ac0c8ec9bb56c2515305270cad108bf4138500cca561fde864e823ea524881c2a13f9f12c1bf832a0df46a01e0264e4795de0b397fc7fcf752201bcb5df587a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b3c39daf2435ca2dcfe6c25d1b8d7936
SHA1 cbb3559d391b053934bab2a5ec9da07dff2f74bf
SHA256 960776e42345830e0e74662004a31725d945b12b9027d085cfb8669524cf36cb
SHA512 c3ccb9fbe6b5e2b4bfa9132cff34cfdad47e0a44e05f6e73d267d4c462f345ec424800f94008d98a2359b783b2b4c52de029bcfad7e5faacad90e910e164be2d