Malware Analysis Report

2025-01-18 00:56

Sample ID 240613-lrvs4axdpn
Target a4eac3793f9fd4a5ffc913ade1a72e4d_JaffaCakes118
SHA256 c78bfcd5ccf5d1197c19774e10c6d041c4aa8f9be088e3cac84a776bfd091dc5
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

c78bfcd5ccf5d1197c19774e10c6d041c4aa8f9be088e3cac84a776bfd091dc5

Threat Level: No (potentially) malicious behavior was detected

The file a4eac3793f9fd4a5ffc913ade1a72e4d_JaffaCakes118 was found to exhibit no (potentially) malicious behavior.

Malicious Activity Summary


Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:46

Reported

2024-06-13 09:49

Platform

win7-20240611-en

Max time kernel

120s

Max time network

134s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4eac3793f9fd4a5ffc913ade1a72e4d_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000006b8fe0c8bfb4197f54b8a253fec82b76e4aae94c46c65b945eb7366991afaa58000000000e80000000020000200000002a275c6ba8ebb9574ad859f1641a03310c52d14646723f112604c8fea7a0ad202000000010da5b825e1a7318fed11934b7e9e91b9aa1423fa991c3e38a06932dc104c61840000000f10074496a70f5c0b105e7ebfad7c4d151feec7d08a68d0079cc2c002b40d8174768734254c5d563e555ea14a889115174acd6ca55cc81cf32d4ab5ab3bc3295 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10a5e2a776bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = <binary value omitted> C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433863" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D155F0F1-2969-11EF-8144-CE80800B5EC6} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4eac3793f9fd4a5ffc913ade1a72e4d_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1056 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 buro075.nl udp
NL 84.244.165.144:80 buro075.nl tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
NL 84.244.165.144:443 buro075.nl tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A8DU897P\fonts[1].htm

MD5 4f8e702cc244ec5d4de32740c0ecbd97
SHA1 3adb1f02d5b6054de0046e367c1d687b6cdf7aff
SHA256 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
SHA512 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

C:\Users\Admin\AppData\Local\Temp\Cab7A12.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar7AE1.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd63c8ccbc8f9fb7feb43459a8e62573
SHA1 2241b7d14c35a52aa1f5c2c611a367800b7ff159
SHA256 e9aee008f63b971b6a50fd131e0b6e9d0139cf46f3af3a71825a1ae348c01645
SHA512 dc8ce801fa8c1e79b7dd6e478b120cfba612d105ff4b733859979b30bc419bbcfc585e3101986172302e7e4dd5db6085a2c38e4a8c03764179a7cd8ed15f47e6

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:46

Reported

2024-06-13 09:49

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

125s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4eac3793f9fd4a5ffc913ade1a72e4d_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1344 wrote to memory of 5052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 768 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 720 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1344 wrote to memory of 992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4eac3793f9fd4a5ffc913ade1a72e4d_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6b7d46f8,0x7ffd6b7d4708,0x7ffd6b7d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,10984392362382997212,808131130929267599,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 buro075.nl udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 buro075.nl udp
US 8.8.8.8:53 buro075.nl udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 612a6c4247ef652299b376221c984213
SHA1 d306f3b16bde39708aa862aee372345feb559750
SHA256 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA512 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

\??\pipe\LOCAL\crashpad_1344_LAIYCGFWKYFJCGOW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 56641592f6e69f5f5fb06f2319384490
SHA1 6a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA256 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512 c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 39be439b57366a0c990774f95e566d2b
SHA1 47e0f0b59502cfa3ecade70f09b817472fef84d0
SHA256 aab36fc4116f0e54b9949c86d7689451e24d3b753d9988e53448554ed9bb1516
SHA512 114c52069f8f6a8979f82c2b0fcaf4b18eb902e7cb520ff02257fa31b4430e689ca9ce4703233a24f9ff96b6931dcac12ea8a14823c5f228c5001bb21b80535e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a27a9c4f0ff6608de8e6a66a3b9f72a3
SHA1 6d7542940ddd320163aa69f617afa03bc6aabc84
SHA256 325db651fa9fdee65508c077edc70e0aa1852c8f8658159e216c08a8c58d1028
SHA512 d6458b90f0b404ebee7081e0b637ec95445000df443c98adcde4ad1f1f22fd69e6507f688069603e6da6d465fdda8fab7aa07f435421ce00d07bb53351ddb26a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 906cb1a5eee8e5735ba70529b4a77239
SHA1 bd9b1db7e38e4d145d69d6f02a6455718e3e22ea
SHA256 1a7150dbc7977864e672f45a55d734c9073adb2880fc01d177516fce4018a8b6
SHA512 473458fd01ce7a3abee926a3f60926dad09462ebaed8c64b3bc6c4e002b3bae7cf51a15c120e7b20a53c42300e1f19c7c2911615f98f08f6b566f25e828a2ceb