Malware Analysis Report

2025-01-18 00:21

Sample ID 240613-l7gw6sthlb
Target a5041743b29d61db9e7a0e63791f4ad0_JaffaCakes118
SHA256 5de448754f3229f4f7f07bdf0127e98258d1ffc3158e1031ee55974946b48847
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

5de448754f3229f4f7f07bdf0127e98258d1ffc3158e1031ee55974946b48847

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file a5041743b29d61db9e7a0e63791f4ad0_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 10:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 10:10

Reported

2024-06-13 10:12

Platform

win7-20240611-en

Max time kernel

121s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5041743b29d61db9e7a0e63791f4ad0_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{247C6181-296D-11EF-BE23-DE271FC37611} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50ed86fa79bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435290" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000133d8944ff118d6740805ee7718076244812db337623f27a4c8ae65ea316805c000000000e8000000002000020000000577f5ef3f2ed0a06f64792b67f7aca92ba45e806a76ae5135583cb436ec4b45820000000036183dae8551a101e0c835c8c2ec4b280490530918d54fa083ef89133286d9a40000000fa626037b72603aeb5534cbe173ab6fdd06b601fd3b31be60c9a21397bb9d14c0dc9f901611ae80a812894d5569a8e9ed68ced5b78f2b42722e3440362f9c184 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5041743b29d61db9e7a0e63791f4ad0_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2536 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 cdn.yaporn.club udp
US 8.8.8.8:53 yaporn.club udp
US 8.8.8.8:53 vwijf.com udp
US 104.18.10.96:443 vwijf.com tcp
US 104.18.10.96:443 vwijf.com tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 103.224.212.210:443 yaporn.club tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 apps.identrust.com udp
IE 2.18.24.9:80 apps.identrust.com tcp
IE 2.18.24.9:80 apps.identrust.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
BE 104.90.25.32:80 x2.c.lencr.org tcp
US 103.224.212.210:443 yaporn.club tcp
BE 104.90.25.32:80 x2.c.lencr.org tcp
US 103.224.212.210:443 yaporn.club tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab7EB3.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar7EC6.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6bdc6237fe4caa27eb211347fdc90359
SHA1 67dc27095238244f407e9b16c6879615660ea6ae
SHA256 dbc7258171b855314f163245578406f06eeed7d2c4580a59e095416855eb9e3b
SHA512 0e277c437c902cb20d4c3c75e24af80f63d30645d54d60f3c830a9c98a49442894932ad8a111f265f5c70e0ee6147dfa75208fecba6f42be10a550326ee4efe1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

MD5 90aedd9d5615a00267cf6e0b7e34e176
SHA1 d39de2234a84f3293c8ee77a151e7fbfe9b2712e
SHA256 d85788a49a43a267ee8732f2a5ac458e62152f039188bb6eeb4829b657b5e074
SHA512 38bdafea6f85878ffac97bb70be4edcb2fb7e38fb6adf5dac7a99321601de000f3e5fb79d7856c3a247ea43cf6c1439af900868a8bbef24a4d1dca20910aa2d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

MD5 822467b728b7a66b081c91795373789a
SHA1 d8f2f02e1eef62485a9feffd59ce837511749865
SHA256 af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9
SHA512 bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25e53653201d1136d86dbaed7be7d9cc
SHA1 aa27b680200f8ee0fb492a9b7c90ec3ffd4e7c28
SHA256 06417ee3ba0eda2f9d51ca6b67584442bbf6315bc52987d2ce595c6f220779ac
SHA512 bba74c0f36c863ba6ef21f73bc04205d273bc4f7e98639aed7821299b009e4129fcefdef9c286dfa7063d10cfd3b6156c8af45724d6206ad4113981767e4c004

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba3e1cc0f3bc0ad032ecac6ecb24fe1e
SHA1 fdd71b27133e9eff0d702b4a9bd24cb9afc8bd33
SHA256 fc3a4621aa18f15d1a5986730f2d0a6646fd84514929f4165c5656705239e729
SHA512 e16bd84ac7e44ac871edb657626b955670a08398b8ec04d5ca5c7ea18369b37dba52de6e566e083f461c35105b480750d40100f4bcef61514c6ad5c538ab23db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CEC5B0E4CCB695208492C64784C4129A

MD5 bc2a845b339013065f6b48745a9ec505
SHA1 397af94629b31b9c79d67b6d2e4000f427ac3626
SHA256 9af45e2e97789137c9aba4d4156302eb392c44e5e59e5fe2536a0ba8aa1d4332
SHA512 b55ee8762bc762788001dac5c82025ad06c0a9d665656acf0618b93160e9890a8ea7ebd0cf0ff28c50df752a21d0bc703bdffcd1d71b83ae57cb08d022f07247

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CEC5B0E4CCB695208492C64784C4129A

MD5 d4e4572b54a321affcac4c8d9b2fca57
SHA1 bc8ea90657ace88d6cd0f93df5b63aa8a4330e50
SHA256 f4d2bf6f726c0cc54d18dfe83f0d594b97ab4ca756bacde6a3e26b0c3260b777
SHA512 36a70dbbda1db8f46b7c6e96108d4368f512d87780c71cf5fd2b38a20b6008fedff9504b11b59ee29a51461d66e211f2e0763f3c7c28c2557226acc28c3d80f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e355ec2c978ff2e4fa9fd6be8321ebe1
SHA1 63c8625171f8a976b6e7637917e500f94fbe12bd
SHA256 965ba60cd2728174c14337c847ab5e0f1d716275eae1caae50f39a422e788ff6
SHA512 b6660aefaa35ac8423062e905a96d921f652e066ac8ec7a896e60989acea73f9412d2ba55ef3ac21eacdfb9d7109201a5dbbe2e3673c6be614f27ae736948440

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0040df8ea6f3c1f77aa783c0b8b3d49f
SHA1 d5101d4d3922d62a862555f1ada1daed1fd1117b
SHA256 38c75960c21a9db60bbf8984071e924181c0c2e8107bcf57c04d1e761e63d895
SHA512 37e8f6fdfdfe65a282f2f475cf64ce67e6c1bac0370c26379569c5092b6b4f1862268a7305d58cd5f1bac3c5ebd5058d8ca943b06fce00680841ab097a78fb78

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b58c82b4fb656f3984aef8f1bab02ea
SHA1 d8ffaf4c70eca9f5efe9149fcdca261bab5396a1
SHA256 b815258c45194c4b1575a6b6c5d295bb8b999df300c23c4cb9f4eede41ee1857
SHA512 72d875b660077172e34b736e7c34b897125a04073c27d4b1ad714664b8acf27d213d3173212e54ed1c42f6c17a0ed51e6a5556de7c74abe331c71299012bfb8a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 47fbdb44a29e76d3bc3a36ea754bb9a0
SHA1 e6b5fd0a1f8d6731a6f11b2cf5e42947d062105e
SHA256 a450f0826ae0748996d21abf2459c92b496a93fbad978ad2049dde777c23a942
SHA512 630a967900de417d53acc353bf8cbe67edb594889ff7f7ddca1fa7454e1ee379b11d651a973890abbd86a15b47c88aea47b9d3e6efbc1542ad6743b8c2783acf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8249eebf78f6a9f7a3e93b5d286e6a1a
SHA1 8a1aa9973a7e82fee1c01bb412e1f92a28d12b75
SHA256 3b5ba9eab0099be57b7fbd49c3c1074411ca053f03bcb326bc305e9d88209fa8
SHA512 03e73eddf8293741aaab6b76c131856c1e843ca5f11eb575ac65e7c847a59ec6fe7eb0eb05bb5e0427d3bfa0cb2a9c3979c03373ebe99a93be2b5216fa00d827

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b3121e795c501897ff44958508c410d
SHA1 506cdc16d35198e81e3199ef110d84bb7a21348d
SHA256 f04bde983d584df6a05d1ef0a631692543ddc146202487eeedd3508e898e3a9b
SHA512 4d55915cfaa5ac62225c94237822f0a766996d7ca4b4118c99d1437f4416213a597cba6571ef5d283e225ef22f80b2e26f64a22faf4ca9e57ea9b3e8340ceac8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c624e850a279de69791d80596485083
SHA1 783bd81200c06fd32077d58e873f38e83ccb4504
SHA256 2cc1825e32d0b60659de43f4a6eeda1d5013d9188ca2bd3c047d1e58178d71aa
SHA512 0af44bcfb4f3f940ceca9f0a11e5007adfa322c311638e88091d39b8338c2ec3af9df3fede89dd6faae185fad511b5bc1a679cda9566f4a74741cc0207ab254e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 66db44605610e0153bc05958aeb35e32
SHA1 0d530352fcfc90fbdedc5c741fefd0775cbc8939
SHA256 71403291885604ee661bfae8417787d0e3bb312d9d41b8a68720ceff6509fba6
SHA512 88cdc875e89eff17b251b1a722861d2c765b4f53db02ae084edb18150c2a459836530cbe91c53a5436d53f42213d79a3add51f14e203d64a75fc9f1ff591a5a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74ab615e0fda3358c2e297530b00846e
SHA1 b744c07873775cd0a6f5bc34a457bd5dedd03fca
SHA256 8a30ccee5d4bca612415e1fe3510ab5034f33315d068f5372fcddd9ff521cc30
SHA512 95b5d5d11c23346aed612658ce5870e1dbe7b110451f54897dba9c64c9a28ab0fb8a272fb15e043413e7e690608954f9b303d1ec7f33ca5e1c8e7ab8342201fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 84376eacba77afa640568dce7ae6788d
SHA1 b18ac6c39bff8002f12fdbbfb68731492d3421fa
SHA256 8bb1ffe3c46fe39a2259651801740563b400cea5e26cf20eb3ccd90f89365763
SHA512 5ba4154bf81098221c1b1eb459d0f43fb0b1b1b0bb5a363565329c309131318d7fd34de47ed5e7dcf35961a668ac6eaf9a89760746e132143723c3943eeacc37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 170380efb9bd46aa6f47a155b65a48ff
SHA1 be90061eda4c9fc53181deb0bfa7ee65e45539f3
SHA256 6f6560a409b0fa95a8b83694330da492146f994c3cca57cc2b0699de6bf35c22
SHA512 2386f84535491f325d03629c601f97a6eafbd2755727c8cf2d25c34d350d3ca538b36defbf1f5e6165fb8ea712a45235518c38588bd60b270d5b2814fddd06f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe980b5d6f729f13bad24d96e23fa732
SHA1 ee1cd0426190792da496a8585f6bb47225157385
SHA256 ffc37ef576e9f937a505bf67c8ce23ba86aaff7e1f77627628ec755824b5c8a6
SHA512 1d83c183d0b87620e8199e995432394a5c5b80be155ef5e7413711ecec914de196d25438b61a11ea0108817a151d660d5e1757e17f816b4725e889d4c000af35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d0857009e8891e1839aaf7f1c84da29f
SHA1 c2dd88a85caec6fc6da69a944382f24545ce9679
SHA256 fadc3819d4c21c0240baaa3d8c66f0106c1bf795c22e8142c50be26f875ef04d
SHA512 8aed40acb07c33f00f310fa43cd0120da9b24d6fbb3afa7c69e345aa51f53c5663270e20daa6daf0daa9a335a90f8105469738bface9051f0d419ec8efba4667

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c4f995067d52107fc58db76c4bb44e7f
SHA1 8214ee48dde54e35d2444b36f99434920e825020
SHA256 71c8fd637b6d871b41933fc61ff2ff2f20e55490cf75e4368d66050d016f77c1
SHA512 8e27d348160aa7f09b9bf177faff5c41a5f0b2ed30c97110abb427c03239c1a43cc718d57577eae59a9844a7161875cf171d4e3a0edee24b28326f9e60d40037

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c94e9febe0fa3de889a3f10fbcc91042
SHA1 d9f9915695e1b1a0f064f6b5f0068c40000d88ac
SHA256 3eb8bd70aa2a2540bfa589192308d0ab3ee67d2a10e11c0797848bcb09220e0a
SHA512 eaab1c086b2d25f21464260924ae14e7358f74b02cf742a5366d3f442baa45074568f5e3667e26715a99ea6712f124d7678267a72798bfb97eeed1b08bad1184

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec66f2cc25aae44e426a262245e1f978
SHA1 f4e1abc616e33aecec8f8dfa81c5bf60fb26e904
SHA256 0f0520eaeca6952d36ed83b51f0d92168a5f7d2708c09a31ee96716eb929a7f6
SHA512 ae4ea03d0593c3883959a0cac8c499ae827045961904fb99d00d137e96b712f4fcb2107c071dfe64ec24bb594faad70fb92390e1568659e2c174c88edd3cb411

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 98a59848a7e10fcf49a039c18c39584b
SHA1 6e449373dab0636e0e77ab6203745c607d71d9d7
SHA256 6ea6af59129ac37e11d5dcc4d4d431cc93e086d14f96ec760bde6c7318d19d74
SHA512 ec076ce4c76f1599e1763b66598bee38a006c001de6effe227204fcaf096f3d210f5b2afe392fbcbe1ad744dcbe749ab6b85c41ede1c2b138ead6a91c55e8ef5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63bae5cac56bd5c93859f503f3b123a7
SHA1 144670cd3e669ffd1611ce03a07cff536a2d5a42
SHA256 f83d42c02b40a81bd4682f5fda0f13c6ebce7f3059e246c6d97bead460e95fdf
SHA512 3b72ffee4daa54fc5aac58bdc4728ad841ae66e055d99ac130371f8325f2d12d04f745183aea0238fde96f49cbeb0637a21419ef8de0373abba898ccaf8af0be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a93d1189b54498f7f34eaf7f46d6113b
SHA1 333c987fca8942556ab7445a84bcfb4877dde6c5
SHA256 403a9c5c8d8b30bd09d504432689e6ddae1d5aba679aa6a78bbd75383f9ac8e5
SHA512 df161e2dbc9119a42aed4dd0fc7dbbdd43d6ef80fd0390c2fb3e6189ec1c1678b7ffe9533f0d787d374eafd8c0c215e847b4d883740686a10772773132fe86cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 656c835848a33326689b22c770a394e7
SHA1 77c69d83ab7d6de633b9f87b6df4a620445a8587
SHA256 35c71522ab4d472a12b5a834f11f5212577c7d50943c7adcf8f77a52f6280628
SHA512 f1df2eb005024d26bcbcba570ad762bd1fd8c3a2d56deb10eb1b20b79a91663ae2aa767ad74748832ceef5e20fd51b98f0cd677202ee9766afa44b273bf3adbb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 963cd1ac7398d6f72fb364fc53d858e4
SHA1 99c46a2376539a6c0c00eff17b1506e3aa862628
SHA256 925fae81a7d898b18e8ed01abbb7d05ec9cf11f6db92b78d12eca12734cd96fb
SHA512 9607a749a577880950b2760bffda59fda4dee8eb11a26ed61c498a2c6ca5ffb51e6f80e9353473b744f8726bf84c0111d3f014d3a689bb970c06b7cd11ce01e1

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 10:10

Reported

2024-06-13 10:12

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5041743b29d61db9e7a0e63791f4ad0_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2876 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2876 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2876 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2876 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2876 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2876 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2876 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2876 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2876 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2876 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2876 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2876 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2876 wrote to memory of 2064 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2876 wrote to memory of 3044 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2876 wrote to memory of 5020 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5041743b29d61db9e7a0e63791f4ad0_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa70eb46f8,0x7ffa70eb4708,0x7ffa70eb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17211967310095011517,7258428690939864694,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4940 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2876_GVLNBFGPSRXTLOOM

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State