Malware Analysis Report

2025-01-18 00:24

Sample ID 240613-mctsxsvbmb
Target a50cd2f1891358a4cf3084569ff48132_JaffaCakes118
SHA256 4fd9338153ad56ee81d10790bfe350b65247cd65708977d186021f3928809d76
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

4fd9338153ad56ee81d10790bfe350b65247cd65708977d186021f3928809d76

Threat Level: No (potentially) malicious behavior was detected

The file a50cd2f1891358a4cf3084569ff48132_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 10:19

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 10:19

Reported

2024-06-13 10:22

Platform

win7-20240611-en

Max time kernel

138s

Max time network

123s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50cd2f1891358a4cf3084569ff48132_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000003b872e641f5c3e93b021274d61b0b2b9ec17eb8fdd4edf36fead1b4301e37335000000000e8000000002000020000000186acecc1c6fcd5070aa7ff687c1ea4071d09e645283b1ca34aed22d93483b432000000010e88db6ce426443256144a241154e098193443a0a4ac2b81cdfe8b2ac71add9400000002f65f5b959fd0b8314a192cab5e919f6845ca77d0bd38db5cf3488c84a69918b4bd6014edff349d068a5c6ae1eadd086c78d9f2c380ca0b02bab4b6f3ffc4c3d C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a01dd7877bbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{736E7981-296E-11EF-B489-E681C831DA43} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000008ee5cf33cc586d529460a99c96f7fb3a45ba85a7fc5638ca07be15b48d62e798000000000e8000000002000020000000a1984dd8355504e1bfc43f5edf42e74efc7e0c46a77878725f6abf3c867aceeb900000004ca696421c4abab30826805c2d758e94a332abd4918fb8e50d0a6e497716e0d50dd068ee1dc2a41d2093ad0051f96692ffb98877f26407d9a3e94cc731051cc9b1f59a051ea1f407febfe962458cadc7f361e26bc74e97da5fa404441e8a779bd881352cdfb5655db5dab3b5306d1ee87ff32ec8e0cc8413c3e04a8b03910d98f467f9fb26d7e3f6ef4c1113bc0a2d75400000001c435cdbf00c13f57e0023497c6dfef6be1ebf309ab6ee8486b4e1106a4dd1ef7cb56100c4f87a7a8a009e5814afade4eca06cdaf71d275cd0ba651f5be00399 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435854" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50cd2f1891358a4cf3084569ff48132_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1560 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 pyrography.nx0.ru udp
US 8.8.8.8:53 s56.radikal.ru udp
US 8.8.8.8:53 newdomme.changeip.name udp
AU 37.10.104.113:80 newdomme.changeip.name tcp
AU 37.10.104.113:80 newdomme.changeip.name tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
US 8.8.8.8:53 mc.yandex.ru udp
RU 77.88.21.119:80 mc.yandex.ru tcp
RU 77.88.21.119:80 mc.yandex.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 77.88.21.119:443 mc.yandex.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
AU 37.10.104.113:80 newdomme.changeip.name tcp
AU 37.10.104.113:80 newdomme.changeip.name tcp
US 8.8.8.8:53 mc.yandex.com udp
RU 87.250.250.119:443 mc.yandex.com tcp
RU 87.250.250.119:443 mc.yandex.com tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp
RU 95.215.0.248:80 pyrography.nx0.ru tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bbe3f0a14b4568b27a3d513424a1301a
SHA1 5350a80d9309028449307d3bc0d76652c5eaa96c
SHA256 b0d35ea6ded9b9b77f9416d0c8e7e751a7c4548ce7e20f9bded75d16274fcf40
SHA512 89cb9ae013cb13848440782b9dfa4749595509c583c8b83641a2fb06c2a994f02bf4879e9c8de8dde4c952de994908b600ca2bf1d78551ba406c790fd9fe5a0b

C:\Users\Admin\AppData\Local\Temp\Cab70FC.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar70FE.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 160be297ad1b3019d650b2195d247bd1
SHA1 dd7937e163e41e26f784ab2e9d4f92c9d08dcb1c
SHA256 e11a14a9c4d73809f7130ab88f2d16ad74718a9ea39f4f6378a890852707e8cf
SHA512 57fec74b40c192c84c82649ba86de9478340111ccac80f37e6da78b283cb7b0d6e7d3a5e38f286f9b55a37f5b4fb9e09217166ec13301374d49af4098927541f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c3598a99c4c95291f3c9e2cf88b0c87
SHA1 3f0c19c6d92d41bd67e6ab8509d7c834a6de817d
SHA256 084bcd7655e4b8f7c2a3cda0a5caa9f4cb44ea2d93db9a3ffbeacd4f8433017c
SHA512 07aed4f1ee954764ce026f7a1a7518ccaf17d9a872734af65fa66aa98bc4778931eaf6c167935e60a2a4bda3e8f5937e6adb02f77481cc0e094bf18a8372656f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4d04d5610b5726ccaddbae1faf2fa52
SHA1 e81d94087c2b182df383be26fd8aaa379b689f02
SHA256 2322490c0906769e5b42fa2240c83549267d674dd2a3aa567a75b85a0803d645
SHA512 ec1d1bfbb07a68f3c42f1eb3e66da75666727d0fa410a60ef2d5157d2bbcb1d267e629564e30449499effc41fc04165bc85f2d58ff8b9287c9a9e7f95e4bfa4b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b8c70cc30d353c95ac5573e5dacb4ea
SHA1 6aae6119b403530621cdda068f0707df307cca8a
SHA256 cf8268e319c5374ab4786a19d3809b82b78be19b73bffedc7435c3212a756869
SHA512 64fc7f1db123fd4f4e69b8731bbcd8a8028a7400ae99b1d55a6552c71646125b99fc1754f2d6173e3ee4d070e2f7760973cee3d45838b099f62a9dfb4d38b025

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 44c7020b5337c9659993a4a22fb4f8d4
SHA1 4fa306f41fc78d5a0bf1e351fb7bd900ebf90dec
SHA256 55b4d69dd8fb7eae2341ee349276bc006e36371913ab992ad9df03ef7f0b9aff
SHA512 4d3519ff502eb76d693e231df53b78f312b841e6868af2d3fa044824edfad9d7cc87ead158fd5d7519cd52c421745a71f469bc2a3b4ca67bd16c6e9744fc8789

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76a03e4ad502d9e9f8be6f1d5db4c189
SHA1 cdf26bb2305398964809818e7a683be90b611835
SHA256 7d69f8a7df2a616b6c75678285b70ea048741a3629008ef0959089aa87541684
SHA512 ccde2bc3275cf1b72176a25f50243a4d529b14c5f5a2757c0b57e929ca4b71f581c8d825aa63afce5254d9504a3e23bf827ef533f89f77bf30c5e8ac99213b7b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 173fdda9f979354864847af9ed893623
SHA1 099cba408bd5f4630a58f3cdfb6d06217dbf5804
SHA256 abf891631e7c7cdcb78c69a4b7869cbfb88127a714a72a5247d87213bdf7e67a
SHA512 4f479645e8dbbc873934139bc5cfb77966f63a890bb2f405ee6400dbeb049a8e768320d1ede3b99ff035e52ee29d25795a173424c089e9e26d9bc70b257f3608

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9bc4e10c77f70d6aa694ef1e03e9fca9
SHA1 af3e921729f21c3e9b77bf8a63c202cd9de79f30
SHA256 cb3b9e33b603d71cec595ff8e8e18be87fe70b19e0107e85655f7f0a65aed869
SHA512 a909ac3f1f6259c74a46ded0af97d72d6fe5d439f6266d164b79801ffab0e228093aa2e563c2626e93f526ae8656828692d8ca3cd47504fd91e5d042f9916536

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7d5751d153a76fd49e1036268f406112
SHA1 5dbbe54a1dec0765699ba359e9a819d811cd815f
SHA256 25bbefb64c0dd49a61687a0a941de8aa5deaa7229fc6ab5fe2a71475579afb4e
SHA512 053b6abcc36a295cbe1d6a239e84b41323a68d250fc6570c69157ba26116b1b2306556f21c5803068d6380458894a4aa64accaaa5c61f28543bc43d7e693a9ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e1e02627a37c4c6a2f2fd2a5df792a0a
SHA1 2e1a67866d6e073a6b5032c15a7fb35208036353
SHA256 96c0b50a4ddceeb3b70891acf11415b85b9a250212eabadd39f77a1c695ea378
SHA512 1fcfe8aba98428645a6281778e4434c262016ebf9980a3e2ba1eefa273efba12c9b6454e884e469b6f68c8bcf0e41cda0fd525a64a31856aff17c4dabb2c2b28

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 90cca238647fcfae58910c0aa49f99c5
SHA1 9cd788377c22a99c9e0af7eb8925b731abbefc14
SHA256 db10973eceeeb587155f5420556dd2d98adaa6d1d6149126640ac4eb9f45eaf1
SHA512 6e92a6e5cf62444a50b72d221b67aac1681b548df8baf5569826a4c574f39b78836e9d0f620128f9d4dc983ad41c63c2e2f34ea96cda03c22253658108cf7555

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65d867860eae8fd2830c6afe2134e27f
SHA1 2ce43b1b14778047b95aea23400632cd7f7d16a5
SHA256 2016dea477042a2bcee524aad13fba7bf39b2a454d4d8384a7dccd8fe152a24f
SHA512 194f04d2b8df20456a4fd809fa1d86a50cf4cf2fde004c7fdda369c6a2804dd7c3d417d93b83d5f4acf2cf142e7685066fef470bae2824df6b0d94bab17eb6e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4bb0e3922f24e1ad349fdd034b5d9667
SHA1 279df1239d3bdd99aca7750b810a2718bfc18f99
SHA256 09cbc94e34ce40f89b652baf2559f800202f8db5be35952b86434c8d30048f9d
SHA512 dc24ba60db9c883ff3a958b239e44e334ea06b94c1cd6febf63ad1fb63530cec6f5b2c29e0662cf05c5c483d6842916e86a46a34fec5df094c7b797cc8deb8ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df561b7655c42112bf6621f9c21c1bd0
SHA1 3989496c49a522c3f18707adb98feeab8f8daf07
SHA256 e3fd4576b8ef30049450e95d5361417dbb7ff55d4972031528621805022cab34
SHA512 60e7851bc7038d4c5f375e7193170b75c073832c6e7ff7a8b50345c0ef82508006bc4c13a33e32b0df8eea84b33bd113642accd9866aaf290ac0c9e36febfd68

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a15b7e3dce3fc5a02de9c2b146e15783
SHA1 b08cdc1b5affcdafe439b1c19640197b4450ebb1
SHA256 f28131b51ec0f43757dda5d5baabe362324802e4a955ccd2d6dc492bc8c3c5e5
SHA512 47b7c1d86b3fabe2648371b41d00230dfd54aed760bb14f9540b55d298db606c5ffbb553282c4f170bd3d8b8c8757f0140c82325f9169962b449369e5df3d99a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bafe5248d988f5eeb101bf794fac8b99
SHA1 1c4db60a3917197e93cd380ad6183c351b21817f
SHA256 479ec14ee145a69cadfab397b850a0d618f216032761a379b31ddf5b226184f8
SHA512 8baedaa47a54316a193d529a9407bef0f230c0c006de488f3c1b7afcfa2694ca32a705b550404b3d9eb7425de5ad1edf2f13105914b6c57de010bd0323dba636

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2540e27241d04eb7cb197d8406bbd186
SHA1 f6ea5a78044098c07e0a9a6a95945c47b4933d98
SHA256 78906330ff47c2d2354a8eb272449426b9bccb046a4d426e700c4e43f94c620f
SHA512 b881bf2bb3ce4b8f5732765e1a1aaee1ecb927758e48559064bc8fd38c4f01b66b2566066d5e88c7d6f4c1fec3ced1b0f23a7d7bfba63072b52af5ee6b38ff75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79f3c6a20d3ee9b94aea0320659db679
SHA1 b3a440dfda794d09dc80c7c809fad59dd80a5e51
SHA256 f61cf5c40740d67b9ae94e5322a0572c9c9729477fd269794b0871de0a6af52b
SHA512 c35b9c97a34faed72e7189f47ab700937ba5676d789b8b8d403c726c6d263f715187781f87ef9dd4e04d8b68c6e130d43429b4983960abeb91b7bd33ea2a8b20

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92df73ad6a40ba4f7ae13d27a1a613cc
SHA1 f74d9aec384e5ef8faad3eac6301373704c12292
SHA256 4d8c6ea79b280dc779ee98e3ebc95f29a24f46a9f9edff2cdce1330610f7076a
SHA512 1b8ce73c09486a05f851ddfaad76d066d667f72d21770bbf29771a0f697f2bbafb6e70be176798b07e6c542b6087d0faa7ae719f5379cc984f5f1e07e3c3fd36

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 10:19

Reported

2024-06-13 10:22

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

124s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50cd2f1891358a4cf3084569ff48132_JaffaCakes118.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1416 wrote to memory of 3156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 3156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4340 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 4792 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1416 wrote to memory of 3708 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50cd2f1891358a4cf3084569ff48132_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff825a646f8,0x7ff825a64708,0x7ff825a64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13409161610163718188,14475620173403970270,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,13409161610163718188,14475620173403970270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,13409161610163718188,14475620173403970270,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13409161610163718188,14475620173403970270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13409161610163718188,14475620173403970270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13409161610163718188,14475620173403970270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13409161610163718188,14475620173403970270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13409161610163718188,14475620173403970270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13409161610163718188,14475620173403970270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13409161610163718188,14475620173403970270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13409161610163718188,14475620173403970270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13409161610163718188,14475620173403970270,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 pyrography.nx0.ru udp
US 8.8.8.8:53 bs.yandex.ru udp
US 8.8.8.8:53 s56.radikal.ru udp
US 8.8.8.8:53 newdomme.changeip.name udp
US 8.8.8.8:53 mc.yandex.ru udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 pyrography.nx0.ru udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 439b5e04ca18c7fb02cf406e6eb24167
SHA1 e0c5bb6216903934726e3570b7d63295b9d28987
SHA256 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512 d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

\??\pipe\LOCAL\crashpad_1416_ZWSIITTYBQYDAFMQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8e767fd33edd97d306efb6905f93252
SHA1 a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256 c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4da7dac246ae76832d919542e853b09c
SHA1 bf475f8962b3830ffe5a2f9abec775b9efef7780
SHA256 a3f0bca36c1d80f81a5e47452c34570109aadc2ce52f72fc55853c5708d8406a
SHA512 b27fbea6dd8758cf5972c807439f71b1a3f8847301a1e29288512a6171c30791a2d7c890db28e4c4f1ba64ff90b700c0f31d9c76d75aed0c370d9ea427b70d37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0e6cd37d373cb3016cbeed7c2d6b8556
SHA1 4862c6d003227a16283decbe382179bb1e441ad7
SHA256 77d5e2ae32704fd2809610327dbf43f6e1778da019e6b391b964d95f1576c429
SHA512 f0caaedf39d320499ad28831c7ca61913682e7882c18c0fcd7f2f0043e149f8f9994f1bede3f763cd6f9e9939fc86099e2a7228a85d644b6fa07a0b1569c15af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\de931079-e2d6-4ea9-8068-53c3021bd4f1.tmp

MD5 4bfb33fdb183226604a72259a25863cf
SHA1 cd6bab2c5fdfa28d30d34826d5d12bd5082a1bd7
SHA256 8239b1b9fd16381e21a207a157a98834b3503358b87ea5092ac98af83ddf6fa1
SHA512 247c4c17fe57ea30d091beb7760e4c96e807915373ba1a0f2574e56c354091de5d98b17385107d85963615d137d5381bc6a6f77fad5d4ba8a01345a2963f7e02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389