Malware Analysis Report

2025-01-18 00:19

Sample ID 240613-l7l6wsthlg
Target a5045f0a05c87a9db22e67bd8768552e_JaffaCakes118
SHA256 09e49b342cc6be2e2354dc78977a254db6175e2254e8eff004bc794c445d11d9
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

09e49b342cc6be2e2354dc78977a254db6175e2254e8eff004bc794c445d11d9

Threat Level: No (potentially) malicious behavior was detected

The file a5045f0a05c87a9db22e67bd8768552e_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 10:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 10:10

Reported

2024-06-13 10:13

Platform

win7-20240611-en

Max time kernel

141s

Max time network

142s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5045f0a05c87a9db22e67bd8768552e_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435300" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000000ce56ac3197ffd17b1f664b8ab8b0942bcd0a1bb1dfe71a9c4a7285532905f1e000000000e80000000020000200000005eb7929e1ecf327049afce73cf6de3d786aa35cbc2b8f2602135ada7c3fd3b74200000001179dcee02755e8862797ed9d287edbff97c813454d1fa23d3850f07e92837c240000000144131e8fcae5ee855b85436d16023231ddf2b51b8fde125519c34db23dccf1998dfe4a2bc4be78d1960330bfbe04f630adb2e827bd640efd87a6284da73b3e3 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2B1BB181-296D-11EF-B6C6-7E1039193522} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000edb50e4cc268724bf0d64e76b9fd37ad4269fd932c667a8bf78e7c35444fd28a000000000e8000000002000020000000de698c6f417985d18b35466974b6c5469273db7d4763fb42f063f762e952192e9000000069f872cfdee454aaa824a7d53a9f6e98e7418473e9bfa941f42be57cb05a0ed04241b4fce180d4a2c8f74ab373c98e4e357f7b17052e9b5803ddc05148122956a2f4b7718c9e358ccdbbe4a228b51c4b6517c494585a596271afe02c7684d4578df78c8129f5067e64fae0408d76628da09d34fc6d31019f5dddbbd5995910d725f6f012a0a928b097f68fde73b1e7ed400000009de129c8e9e15c17a6e90a30673da922a964fa66c1355a1b5328e03360b8b59172253a1fc0673e6deea8c8414a19b718e34bd3a41f330869a5e344b03312835c C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30e750017abdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5045f0a05c87a9db22e67bd8768552e_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 cdn.mymediaz.com udp
US 172.67.196.74:443 cdn.mymediaz.com tcp
US 172.67.196.74:443 cdn.mymediaz.com tcp
US 172.67.196.74:443 cdn.mymediaz.com tcp
US 172.67.196.74:443 cdn.mymediaz.com tcp
US 172.67.196.74:443 cdn.mymediaz.com tcp
US 172.67.196.74:443 cdn.mymediaz.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 apps.identrust.com udp
IE 2.18.24.9:80 apps.identrust.com tcp
IE 2.18.24.9:80 apps.identrust.com tcp
IE 2.18.24.9:80 apps.identrust.com tcp
IE 2.18.24.9:80 apps.identrust.com tcp
IE 2.18.24.9:80 apps.identrust.com tcp
IE 2.18.24.9:80 apps.identrust.com tcp
US 172.67.196.74:443 cdn.mymediaz.com tcp
US 172.67.196.74:443 cdn.mymediaz.com tcp
US 172.67.196.74:443 cdn.mymediaz.com tcp
US 172.67.196.74:443 cdn.mymediaz.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
US 8.8.8.8:53 x2.c.lencr.org udp
US 8.8.8.8:53 x2.c.lencr.org udp
US 8.8.8.8:53 x2.c.lencr.org udp
US 8.8.8.8:53 x2.c.lencr.org udp
US 8.8.8.8:53 x2.c.lencr.org udp
US 8.8.8.8:53 x2.c.lencr.org udp
US 8.8.8.8:53 x2.c.lencr.org udp
BE 104.90.25.32:80 x2.c.lencr.org tcp
BE 104.90.25.32:80 x2.c.lencr.org tcp
BE 104.90.25.32:80 x2.c.lencr.org tcp
BE 104.90.25.32:80 x2.c.lencr.org tcp
BE 104.90.25.32:80 x2.c.lencr.org tcp
BE 104.90.25.32:80 x2.c.lencr.org tcp
BE 104.90.25.32:80 x2.c.lencr.org tcp
BE 104.90.25.32:80 x2.c.lencr.org tcp
US 8.8.8.8:53 mymediaz.com udp
US 172.67.196.74:80 mymediaz.com tcp
US 172.67.196.74:80 mymediaz.com tcp
US 172.67.196.74:80 mymediaz.com tcp
US 172.67.196.74:80 mymediaz.com tcp
US 172.67.196.74:80 mymediaz.com tcp
US 172.67.196.74:80 mymediaz.com tcp
US 172.67.196.74:443 mymediaz.com tcp
US 172.67.196.74:443 mymediaz.com tcp
US 172.67.196.74:443 mymediaz.com tcp
US 172.67.196.74:443 mymediaz.com tcp
US 172.67.196.74:443 mymediaz.com tcp
US 172.67.196.74:443 mymediaz.com tcp
US 8.8.8.8:53 affiliate-robot.com udp
US 172.67.196.74:443 mymediaz.com tcp
US 199.83.128.193:80 affiliate-robot.com tcp
US 199.83.128.193:80 affiliate-robot.com tcp
US 8.8.8.8:53 affbeat.com udp
US 104.21.78.157:80 affbeat.com tcp
US 104.21.78.157:80 affbeat.com tcp
US 8.8.8.8:53 static.hotjar.com udp
FR 52.222.201.44:443 static.hotjar.com tcp
FR 52.222.201.44:443 static.hotjar.com tcp
FR 52.222.201.44:443 static.hotjar.com tcp
FR 52.222.201.44:443 static.hotjar.com tcp
FR 52.222.201.44:443 static.hotjar.com tcp
FR 52.222.201.44:443 static.hotjar.com tcp
FR 52.222.201.44:443 static.hotjar.com tcp
FR 52.222.201.44:443 static.hotjar.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

MD5 d4ae187b4574036c2d76b6df8a8c1a30
SHA1 b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256 a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
SHA512 1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

C:\Users\Admin\AppData\Local\Temp\CabF9F.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarFA4.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81920e2e75f399987494f35f0c13c7c2
SHA1 6d5088421242aa897c90bc549c0013b99b5e550c
SHA256 d31aefbd6233a2317ca3db61bf7bfba8ece727f52216165976c959f5fea7f2c7
SHA512 f116ef188e4634add38ac861c67c1a9f9a43596c15c8ab6460610bdbaddf9de58920664bc915357721fd85a69f73fbbb4ba9a3733ba524a1533239bcdf95dd28

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

MD5 a277ebcf73fa5cb93a573bb0bc1be047
SHA1 f1e48c5ccf3ba096bcfb3ef4a0129f24bc25af80
SHA256 d4a9c319d38600561855372b3315341c5fec8e6c548410deadd6fcdce19cd664
SHA512 cdaacc4f61e1c95c4c070815b8ca34feff7424d2b5bca027363a1212d41e326a34fb0301f7f4a7fa9b9869932e240f3701be7ba2f1621b0afe63f0ee58a3f942

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6f88ecaf1c5496b5acc0e84ec385e15
SHA1 46ba713dff892f204f31707b089835046e688d11
SHA256 d9a3538b38a1548ec5403260e3d3aae7db284f3979856a6a7737b60c6ecf1ab0
SHA512 c782eb98018331753f1baeed60f994a665f2885a35459ed1da0cd2d74d79b6bfbbc03b6d3b6acb47e7b7697ca5fe2f8bf1a4015399042ac8a0f9189f35c52d54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

MD5 27377af717c8bb17267982194c393e64
SHA1 7a92c3f70a438cb4c3c42dcb75be034d286f371c
SHA256 9997b393fd55b72417109775d4f528a1b62285bdc2c947bb45f9fe2deb8281d3
SHA512 220bbbf63fd940b7cc203f5b907a6c1e9abea7cba298cc0d6ada176817bd88c816a8d5678f9092242c516766014f2f666844690f47d88a9efd6274147ad9fe2d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

MD5 822467b728b7a66b081c91795373789a
SHA1 d8f2f02e1eef62485a9feffd59ce837511749865
SHA256 af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9
SHA512 bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61

MD5 5ae8478af8dd6eec7ad4edf162dd3df1
SHA1 55670b9fd39da59a9d7d0bb0aecb52324cbacc5a
SHA256 fe42ac92eae3b2850370b73c3691ccf394c23ab6133de39f1697a6ebac4bedca
SHA512 a5ed33ecec5eecf5437c14eba7c65c84b6f8b08a42df7f18c8123ee37f6743b0cf8116f4359efa82338b244b28938a6e0c8895fcd7f7563bf5777b7d8ee86296

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61

MD5 81e185083fe410f89fbdf7204e54351c
SHA1 17a4ca7cf1777765f4a2152dead123c7d9adb043
SHA256 f6a19096f931f6360eb93dbd44c9dec7833a7b69044707e743c14f16398843e5
SHA512 fd44aa7c86b97e9a1613e82648821f10764f4d1ab2338bd3333af7aeff2319fe4a90bf19a135084b807baf470ad1ddace06f3823779e04aa62f3654e3ef7602a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DODQ7AEY\67X128S8.htm

MD5 0104c301c5e02bd6148b8703d19b3a73
SHA1 7436e0b4b1f8c222c38069890b75fa2baf9ca620
SHA256 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
SHA512 84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 711632fc0910123bc6e34b8ab0e690b0
SHA1 7d1c98760f2efd5fb2bc576a8eb3855990f40ba8
SHA256 123b440fa7ad9494640ac9fd1f126973569e3cd434ea529c923b8d51bff6e90b
SHA512 e4e184692d7b40124074de7f7c58750e8821f89882acb431a9334685cdcbc2d29e349dc8b182c037aeef721003221387a25e7b473c1c7f1f435f4e55ada2bad1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4dd395d95be82d3854400af7000820c1
SHA1 54f7b78757ef86a5f74d625e2bfb88507ee3970d
SHA256 34e90b99eda234817080dcb3162afa8e1f1ce7a3a5770b37ee42633155199b34
SHA512 bf06ff1521a9f554e08d2f043ce568c0f07c33e833c15cca77b32d22feff8a05eb888f37a884165bc2f695aaed68ba51ed43ef756d9f7efb36413d2be365fac1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70b2634ef3190c1c13675eccf075b4f4
SHA1 fe31a0b31fc9651da398ef5c4dc0773a1c5a3bd2
SHA256 1e383477d31baf95637aeb39c020fdd8d0af39425be13de88b950f2f8c36e0d4
SHA512 32079d67c185afc8aebcc6f1d825776ab6323f9fcc1484a527a3b4eb1883a650b2ecc156f34277eb41f2e3787be5d4abb5198ccb69624f3052e3e79443078d4f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TNPG4FQ8\8HR0BL65.htm

MD5 d8a0a9a0f489207a41a000b863f4ccb3
SHA1 149c095d43950a53b1eed1510348906f2dea4f48
SHA256 e4608c4e591973df1f5dec580a20fc8865cc7af32444f0496741248b667e71e5
SHA512 986782ca177f44059450f5609bbafcd46cc42567f361d12b2e9fbf26411571e4a35abb69f65339cbd0c4bdb455750b60675cbc0d1091d43c79fcc7ba25364759

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae8b617ec81998d8a30f64083d6653a1
SHA1 78660af32454d53a87fe079e5d34183a274f6bc4
SHA256 352a61afff0e047a48e0aa9eedd77ef53dc23e29ec05fae14cfc90c9aa53b546
SHA512 1f732a4b769c79e06659fb31bce4bd7d0d4dec1419b11f6c6857d2041127d7a511546c0b9035cfc732740edb1e3f895e8053b6e2ac61c22de2dfbbba78e3e21b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e610680beda7dc198ffb171ce82594e
SHA1 8515f73640bc39e16ef3a642b9ad6b84c159d669
SHA256 b88197f9f75703b45b7b37c284cc94986c95548894bf4c141889305b3c4e0ff2
SHA512 df2faff7bbc6cc77d5b74dda64c606d1d94516da65a70b694b3a3161c7d87c9405da6cfd7647566ae6ff1113fbd412363bfb6c40df601bcdc67cc20d649ff35d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9159e87776ac1b61e453f4b68329c0fc
SHA1 f3525c845ea7220082290e5da52c5619b77e6ede
SHA256 dd563e8e852112ce0c2ff7d08c029478c8344746b5a4cb5b60b71d5b27360541
SHA512 0c44145d93a5c6b0811b599b8368cd10666857fb550ac994557e5acf903118d7aa13e047305295098d1636d0b2256aa042a0530c84c1b4d8a0488dada594fc5e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79a0cca2cd60e90a2cb1a46f98bfdb48
SHA1 d165209705be9db98fc37fcb42fba9978579eed3
SHA256 09fdef5ee81fe37fb735f3523850d12659d2519ab6152308f96cf4f504a0d7ed
SHA512 e149b3ac71140bff24d13f338410d589285886e93566435d7826300091e82e682cff0df83e65d9e01403bbd008c39e6885052f05e32cdd221fd57c3fdb6e5c29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c8ba3be93688644ef8709f5dec301402
SHA1 c9920d474778042af5e79d83da7e27bb25b79d6a
SHA256 01bd340f73e190b72868f9006c6abe60fabff2c8ba04079840edd39388644bed
SHA512 72cfe6925e212feb389ecd2969cca1b2eecd726284cceaab71125c02f90935fab75b47e70636869ef9f6c8f77119984037bc11e66ac0473ce9b46ea7387ac698

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f1c8c4e26fb22d3177a81241634f65f
SHA1 455e7823536c938968ac33d6146ad82ec835d502
SHA256 0dc43df61cb66b9c79469f98a3a4924267afc0c4baaea943f793dd6575ad1831
SHA512 1453c9387e941fbbfac382b2e9ed2a4c8e52765fb15a8c325b741dee283f100be67b6584c36a7423dc3b46da04f588f10765f427ff55524bae1c2a2fce4bc5ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5dcab45f586769e410f86438621fd0b0
SHA1 6a89289f742be6bb00cd8fcc0fccaa705c531b7b
SHA256 5fbdfae99e768d850550789d79c35a03d3d30bfc2898cd6d5ce1b2b081a551d8
SHA512 fa91c5cf39ffa53f433590191bf2801d31bec96d27bd878f190ec7489bb8ae2d36e78a4feb7be59d441e5c5814eb192cb229f718e48d69e60f5a87c353566ba1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 75a204809b2c0e6461ed0c2949577df8
SHA1 f18b504975854c9825411b01735df6c7e54db413
SHA256 56e506e9af7d4d6753c13bfdffbf88a40245a4d6085fe30eee61a70e2e06fb28
SHA512 d33a054e9da8e3ca17315ee2c7b05c786c6fa97c56ad87ec94f6615e8b40b5a5aed94ec6b8e5666683c8bc643517a872de3caa2176abe8d7e94d77d94a00a28e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd388b315899e7976c3b8415d4318f38
SHA1 377545b3f6f718aaade35446793cf500eb7ea3ca
SHA256 6e92e479af196baa35ed94541ccc303426f8e8debffcf330a0327606c786d833
SHA512 7cea1fc2c3153b961b10ce42774336e7baee2698dcda78ab7e53191844ecb19dc4956fc2cc8a9112323d3f8250a5f60291eaa0ef54df35eb1e073c6db8036ade

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df9e8b37b791a96113fb5cf598929949
SHA1 c3d54427dfc59e2a8c5dae1f7301d8a44020f287
SHA256 b03f6bb4c06a0bbcf3c53a4937237e5bb951d0d663e59072d47f4917a025b7b4
SHA512 a6fdf103a4176dc8552fb5c471058fa6e9de640f5729bceca1382aac9f8867b48607bfec044fc6964b59a938d625d54203b5cc3303a1a60af23f721cde482846

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef320044363a01d7983ea5f1dfe2f108
SHA1 582c90d26009d0ded953f50774544db7d10a21b9
SHA256 221e05cf9d04f74bf476d8107aad83975444d60af6db84618d459ec3a4fe43a3
SHA512 ed00bd2605c817be8321c7ff8a0aefc238c731feeac81a78dc2f615d5ab3de90d80c8eb11de617e30faf9310b54e165575d82e4013ba408e7376005732cb29e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ae635164162c8f38d7cd3a01f01164d
SHA1 f6c5778523c8452fb3eb6311b3b951611d8a3d26
SHA256 b26c26f3a0bf8b0a4d70a47cdf65699996454488fff1d84fa9954e0ab119c414
SHA512 e96447480b1cc7e5d79b7aa6b5f143f76736b8e382eae7d8e47cfe34967846ef83d9bb53f2e0898d451772b8834f21fd80bfdb26127e80d948995772c8597228

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db326c9f917c657cabe8be38a65c605e
SHA1 2ce56aabc6f2fb1c0783b226e2e4be2d813bacbf
SHA256 ecd1fadca4afe5200f51ff3eec67ab0b5ea74221b3404dd910931151511572a8
SHA512 9507280d3a4acb2bb19b457636f200f072f9955426b08c5a2920260d5f8df6ae571406849bcb67dbdd03566008b958c0dcb5b1cd3520cda97cdb4923c6f89d64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1f312a49f9dec96d2e89b3bbb62b290
SHA1 ed3dd456fcc44c3558fab84e61e60a123799ca52
SHA256 d112298fbfc550279157b687f2cb17bb9c5f490212edac984636b53e1809298f
SHA512 741b98ad21238833a868e9b18e810f4476bd2bd5ea573b3ce582e0411af7cef77611af40206ecabc98048f931fde77ad4c5de779f77191b2cd407bc209cfbe1c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a64588f221072d6f3dcb2e631a358698
SHA1 374ec1a9ecac6a0e5f682588418244e722814775
SHA256 4c8a3432776d29df81290fa5712b55976c1d528d7d1100b61151f68b4e05a65b
SHA512 5780d4f0a0a9ffa7ea5dfcd5f1141440d30cfd39a70acb6dd88e3e56ad6b84fc0439dbefdd45ad3d7baf1b0bbb99e315f82d982eb96b49bfd708ef555ee53dd3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4cd7d6173476a5631011a6e5e21c3ba
SHA1 4bc39014462670c065456b35c20fbe7524dcbab3
SHA256 1d1f21da3801cb8eaede5e3609291c1f284c15aeb8db196402eb9db5d6bc9fd4
SHA512 96db85327e075cd6cfae4f5f4083e1294b35230414d677717e23caf688ef51af40bcd76d4e4592d5c951173250888f15a36f650c7995148b990b2400e2e48b4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1791bd1e83341b1b73b5c931cf11f8b2
SHA1 145114a8f55fbf22f825f800de8cc65c21959025
SHA256 45e1d76619837560af26f32c6588bccb528de5b11a2a0db7776c1b06d08d2590
SHA512 211f6c2862a0dcf8c73ae68aa4b969dffd46a99d216faef146b7af088c622be9739c19daea2a1258dc7167b99bbbebd48e8659d972527bc827cac288a25b734f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 273e785c34a7bd6304a84b70c5140d5d
SHA1 a38a29bdb51bde82004e5e31e677284dfa004991
SHA256 878358a1352b2cbabac5adc726b9a231cf623491ac24d74386c461758aa41c60
SHA512 629424a4bd491cd5ba22bed205ca1a74a97b94c2044ed3f964b1a4b861c294aad1419da60eeacd0563affb335d89427d5055b9c3a7247ef22968b35e2d31af80

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 014fd70fc076eb76c02532bff882169a
SHA1 63e6d64b8129ca4c9b636fae7b796c19d042d8cb
SHA256 51aef118d2ef86fea7fe1794dfde8322271224cbdcdc00f430544d173932bcb4
SHA512 198a68f775e54949ad18d1fe453a5a67838291328150ca8fba74d13f93c8edc0723232f8c83790885fcdd3ec2e2e49b6d06561e61d039762bcb953fab7532207

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f7fa806a4bf034943ba467e10aaf3e2
SHA1 a55234616cce4ebc28aa2d910a7d62952374a6f9
SHA256 ca075f83eb7cc32c577257c4ff1a91cab8c51acb312e207a54943c9d60346419
SHA512 088b52af1ffc0de04f5835335a108177a22c64e8609c6ffdc193d0b94143e394ab358d4ae8d84cfc85e70580104626baf505ac1260b09624c28af8bd433bb855

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 10:10

Reported

2024-06-13 10:13

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5045f0a05c87a9db22e67bd8768552e_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2656 wrote to memory of 3320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 3320 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 1560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2656 wrote to memory of 972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5045f0a05c87a9db22e67bd8768552e_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5eb246f8,0x7ffd5eb24708,0x7ffd5eb24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,16250507083074063483,1848808739656768200,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,16250507083074063483,1848808739656768200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,16250507083074063483,1848808739656768200,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16250507083074063483,1848808739656768200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16250507083074063483,1848808739656768200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,16250507083074063483,1848808739656768200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,16250507083074063483,1848808739656768200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16250507083074063483,1848808739656768200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16250507083074063483,1848808739656768200,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16250507083074063483,1848808739656768200,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16250507083074063483,1848808739656768200,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,16250507083074063483,1848808739656768200,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4420 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 cdn.mymediaz.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 cdn.mymediaz.com udp
US 8.8.8.8:53 cdn.mymediaz.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_2656_ABEZMCNZEUSSHVXV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b95e09e9ad89d417d4e4f3bbc8b5d1f0
SHA1 fe85158cd00598fb7809c0c33ed683e5b539bf9c
SHA256 f1a54bbde33b6afd960e888fd8145548027b863dc001ec271d7a8550bccc233f
SHA512 bbd040ca8df2675462f30e0e4b4354dab51a8d1845cc5e828ca582237880288447b62692d8b666e3391c05030cd7712ffd1368292e797ae781bc4c9c415bb3de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 09e518ac15b470a5b802c7cb87f94b06
SHA1 a6cc938ff0b6e7d3822211d09af12ef9104e4d82
SHA256 94a0ce0d1ee26db0759b1466205849f1ad18c2ad19001553090999706ff902f6
SHA512 611e8a523baa1dfeb9f89b2d04006335442cf1a6eff8a733057115d6ab90ef92f0cfe30c62bb9a10aa556b15f2ff43105e8a0ef9799b9d2966261d5e5930e558

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c60634627917dc41bfdf84b730394d69
SHA1 0a6cb25686b28b07f8e372cf16839121a3f632f5
SHA256 e7314302f23ca30e6bebd9702de43dc60d2b77dcdf4632fefde7304daea618f8
SHA512 6d26d16d1f9f37ff27b21a4c355cf65c64c3b87cffdf91bd3f04141c700dce711e5803cb175416626373e1bdbe3703cfcbc2c042c3395e687b96c923c87d9741