Malware Analysis Report

2024-10-19 02:45

Sample ID 240826-bcfqhswaqd
Target c1f6b9a0ba910ca283808017b91a6787_JaffaCakes118
SHA256 18a305d168beda36d383c9178249579b3e1cf21e23d51fe9ae9c9579341bb16a
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

18a305d168beda36d383c9178249579b3e1cf21e23d51fe9ae9c9579341bb16a

Threat Level: Known bad

The file c1f6b9a0ba910ca283808017b91a6787_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Legitimate hosting services abused for malware hosting/C2

Browser Information Discovery

System Location Discovery: System Language Discovery

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-26 00:59

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-26 00:59

Reported

2024-08-26 01:02

Platform

win7-20240704-en

Max time kernel

144s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c1f6b9a0ba910ca283808017b91a6787_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430795868" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7C1DB931-6346-11EF-B44F-526249468C57} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c1f6b9a0ba910ca283808017b91a6787_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 script-bamz-us.googlecode.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 www.stumbleupon.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 m.iklanbariskita.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 obatkuat-herbal.web.id udp
US 8.8.8.8:53 shampononi.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 widgets.twimg.com udp
US 8.8.8.8:53 feeds.feedburner.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 xslt.alexa.com udp
US 8.8.8.8:53 track.bloglog.com udp
US 8.8.8.8:53 arenapromo.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 rumbiadalam.googlecode.com udp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
US 52.200.99.215:80 www.stumbleupon.com tcp
US 52.200.99.215:80 www.stumbleupon.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
DE 157.240.27.27:80 connect.facebook.net tcp
DE 157.240.27.27:80 connect.facebook.net tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
IE 172.253.116.82:80 rumbiadalam.googlecode.com tcp
FR 142.250.178.142:80 apis.google.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.178.142:80 apis.google.com tcp
US 13.248.169.48:80 yourjavascript.com tcp
IE 172.253.116.82:80 rumbiadalam.googlecode.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.105:443 resources.blogblog.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
FR 142.250.179.97:80 1.bp.blogspot.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
FR 142.250.179.78:443 sites.google.com tcp
FR 172.217.18.206:80 feeds.feedburner.com tcp
FR 172.217.18.206:80 feeds.feedburner.com tcp
FR 142.250.179.78:443 sites.google.com tcp
IE 172.253.116.82:80 rumbiadalam.googlecode.com tcp
IE 172.253.116.82:80 rumbiadalam.googlecode.com tcp
US 34.205.242.146:80 shampononi.com tcp
US 34.205.242.146:80 shampononi.com tcp
DE 157.240.27.27:443 connect.facebook.net tcp
US 52.200.99.215:443 www.stumbleupon.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
US 8.8.8.8:53 accounts.google.com udp
IE 74.125.193.84:443 accounts.google.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
GB 143.204.67.183:80 ocsp.r2m02.amazontrust.com tcp
FR 216.58.214.163:80 o.pki.goog tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.80:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab84BC.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 36c28093e15de662f68d1625fa5b6d8e
SHA1 0f8ebfce30e800b697dd2f7f1fbfacb0c1569303
SHA256 0d0095b8f059db90c99cb23ab6dc6fe897ad7ed04f5e5cc8488971fe151fe89a
SHA512 cfa24a1f4b615cacf7d8782a51c4528967f5ec4c73f0d7a5d74620d5b42118e31321b862a178a090ef16a869a6b5c1dfbc3503cba8b16d1d0fcb4f4c1746c2c8

C:\Users\Admin\AppData\Local\Temp\Tar84DE.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79e0d63e0f8a51d7e15de8598d22c6b1
SHA1 dfd3e6db98eb270cf46f0bd493862231c2a0ecf2
SHA256 aa807d35ab7acb72331cdb04d082f06936afea722e156900e8bcf572b139c2be
SHA512 ec898f5464a1ca04546b97dea39d31aad38f4d0f72ca9900ae47249ee8300c8978838d9eadfdfc4e847ec117cd8ad9f77a5b7a0104ab61e156b7f21bd734ec45

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d47b7e8a109efbba136680f863d5d11
SHA1 ec9a6d7c3e9fc67dece238a30288c420561e3eb2
SHA256 84dede6fefd834cd635ddef97c21da210d99c457573304ce7932182ca74d7f00
SHA512 f5fbc01a8e49142e107c9fbb18a0566b9b45c0d3adda2068cd6a8f7f12772a30da2b9eb5fb6363a326d9b240f19be671084a7dc7e8269053463d650fe4fa25eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 729c29c038988079541056ad8f484417
SHA1 b47e3c6546e70b03078a57e1d7ce6f7e76f705d8
SHA256 88245dc2c0c4f98c9f834e500e11c785866f3451b6ec76730753e32b9163ece0
SHA512 c5a1da994a128180ecf40aa064792d4421941b337c50d2729a12d40f80b5217dcf0166230a4f5bb45e3aad0ff3e90bece9ca89640d5a75d5363d85eac4524110

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d42cbb3c68639934627e41c305119e23
SHA1 442060bacb81234db9238e4f114c9c834acef7b1
SHA256 b9bea03181d1840b60c10d3e5b996dc0de0fc9f71f49809fcdc59b3d698e1f6e
SHA512 99dcc5505a25e550d5514e6ec9a499b63a6cecfa1ce61f0a0235dffe08e1fd413d6fc658afd9adc1361d4e6830784e425e2b9e0375e7c0251c63c2a1a51be073

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RXRX1VH\fb[2].htm

MD5 e89f75f918dbdcee28604d4e09dd71d7
SHA1 f9d9055e9878723a12063b47d4a1a5f58c3eb1e9
SHA256 6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023
SHA512 8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

MD5 e935bc5762068caf3e24a2683b1b8a88
SHA1 82b70eb774c0756837fe8d7acbfeec05ecbf5463
SHA256 a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d
SHA512 bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 374bdf7457c69d049b74bd24acfb2018
SHA1 8d8ae9f0f7e26820d56f1548d4bb9e4cb71914df
SHA256 8b5163b64a55aacd9b023727b846c2fd51a2bd671d1a2a027715623132fcf1e5
SHA512 e57ee1449cca678eaecf6b9131c7b4c860ee1de28217515f8cee0c7995185fb38c18e3cceb56ebe53990a676bcc2fe1f7b9d024dedb180491b5a7d64f803415b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa05c08a519f1224477b24ea7bf16971
SHA1 2d7526e43e07de628d9ac7a7537dcc31108bd6fa
SHA256 6d258aebf43c36b755ad879d5314478056f14226d6041e369d92c8a599eab578
SHA512 2b53b4c64f24608f9a92710c7baa4485ef013d235846f8f3ce7bcaadc0c122a1a6bdb102e23ccee6dd32d9051017264d00132a396895b4dbc5a7fc45237e43bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b508f2e7cdece455199e7ce0f295e52
SHA1 b6986d18b1d075968fbf3b2b1ecc2642e83720a8
SHA256 2d5e9829f2e9f019d7267457e1b322ca8aef7812f275f626c22a9c7d2d83ca09
SHA512 885475dabb2fd10f98b4a0a38d07f1522e3e6b6c8bb3ead201928d2dd72d49c65df61fadbd898aa7195a21a90805e719dbf70eea7274bf455e4eaab1439cdf08

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ead9a5182e95e9842e1c665406e18064
SHA1 0bf45a1fcbedf7576374e850cc45ddf530e21e3f
SHA256 c791006f838b8f5d85c9f34a87907a068c403567d895386d0d2c423e8d40d12a
SHA512 0ac87dcc91e575250eb2ee21c53f1d51c710d20b9bebb6f6d383bd1523e571c0ceed730db2e64bfece2e56c3f4dfbad026fcf5ad37a3e57f6c66083e27d2391f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 932cf1054b3ffa305fd04cf630426db6
SHA1 af4c9c3c3866b2543e6e523dc4f3d85c83239e48
SHA256 bd6a674f59091e0165a19a568134e4864424f087ccf105f6b6706eda30c75de3
SHA512 a6bb3f952e0b0105fca50fa978e5489a6a8a570df6f1c4f84fec08c697dea7edfb265175edb17c7e3854d7b30c40584dc16a98ae9bde2d04b4559cf3200b8fff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f307b2531d8648522357b04ff63c47d
SHA1 a0bc9d7c8d021181b5281902058f460d99384285
SHA256 7ff25d373f482b49fb8423b9ce436d3c96357c049ddcb2355b2ea8e657ce8628
SHA512 586ca99f9b54a8a25607f5c9284b84aeb892189cfce326a8900c12a586807441bc473283a50486fc5e0fe77d621e8ef21f1e309bfcd9cce68450c6d67f2650d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e5b750ba21f9fa0623c99715264af6d
SHA1 4c38c4bfc8366fa4a996d626de5be8229b199976
SHA256 4400854391d71ef783c6ec4c03e00a566a200751eba31c54965c9a0841effc14
SHA512 8a21d52ebbe3db8c287c0a51b09635aa594fb07871e14c243b6c452a19aeb845471f39a81c9c8ced81b3fecf308ae7999b60862e8532f17b268d704dbe57fac7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64945f6395f78ef046514ca9c29c4a43
SHA1 2373c4b224c798b1dbc71fd27bacc47ff88119f2
SHA256 8528e196f55edb28fa847d47d4232b501da9f2bc20fcf172a2d08aa4d17d3697
SHA512 8ce3913512f0e94ec9ad810fe20bed8bd3d63ed8cab210c041251d13859c1b7874ce736abf94ef6bb06b2f67602341632d979caf8d3bed6d5244aa4b5cbf702c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 225b807c33979d9ba47620363d693ec5
SHA1 3f46aeb433f124737b7a7fc94389c3c6aa156d92
SHA256 de4e6fa4a37e777610d9476c2762196ca217d361225a974c3f63a5e6d94f5d3d
SHA512 3d391e679752cb339ef2d6275bce64a1c4557638aa0548d55a9175c01f445cbca16ec2c4098119c9c42ba2e521a9b38d8b97b74b4c02cd11155dba23db1be102

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c30864c7a201ecf7310784a897af7e79
SHA1 b0f27ed913b08223c6a5b055d0a6f8ee5e3454d5
SHA256 63e2338c5421024f51baf458dec1cf261fb62465d78f34ada84c00514ae4bd21
SHA512 52d6d9b8b5c23841492c6c53b6b8a5de9f687802bbbd299a755a41de3c18dbbd21c0bdba299abdf31df173acedb9d5c3b82323c1bb4f7cde35597a78ab043a5d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc295cdf1ed3ee8197f89cf25c56cdca
SHA1 b970d91ab53c94a3596b482d12d93404d1591194
SHA256 0c130f799c43e585c9ea1a88e9ed938fff7825f111c0d5d4cb1388fada05fe2b
SHA512 b2cc1d163c8f2d1d77ec52b425703366eabaf70f0b03965b410cec3d83edde1f1b5a9bcb71cf5fe2b388057c7ad69e9144c42f750030610a2658e57a5e7bbdec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 6a4b23a08ebaa0b5d325385ba8bbf38e
SHA1 5ee2938f35e7ad97c328f283b20dcf41049960aa
SHA256 1d29793dc95523c8df119897650b9450ad56b6c2262c1b1d516a1ae1bf8a7f22
SHA512 ba39382ce09799f70d28c9b323292ab40588c7f0481c673c9131d2406fff1cc84f01b281870c72b2977ea3449b51f94bc4c40279378786b54f63cb50accf2292

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b04ce4e16f95118dfee9c9e578ed0c9
SHA1 a4067de72ff9c6c04ce395b7ec35fbc9093d4009
SHA256 30667bb3819b480bf12feef4dfc02dfdb2d37f756e1e969455e722a683fffebf
SHA512 5ee81abd55dbf4d85608ba9c9b28d55570dc375dc824221418092682423963586b1a30aa82734c042ef56fad6096c52395468583ba0b6d7f8109fc0e2850e6a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b81e3f146ad8cb884722f96ff8e1bb37
SHA1 9483fc4103f543a45b7a1594543dfcd9666edc7e
SHA256 0b122a7ab770b73434b035616ea97b3eae37204da437051c8b89fc4d7510fa96
SHA512 3b07a276e2bf47b0f5e217d06cf45e6add1855abfc8e5724790197bbbc672aa1bb5b9fff3d5ebf1859c935419266ff62a861f8a1661d75942cbe189966b98cd8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0972be75648eb76f6c5d31e1c24c4ed6
SHA1 7552351ab7f3c9b857f5ca42527bf360f54d93ca
SHA256 68e3ace903a9dd9d7bf707520dcbb05f714ce1f70d9723ac437b1a2a343c84ca
SHA512 9f88ee44ba089ea6a048aa6302cb5b86ce19d52b516cf692deb146ee2d9351fb7f0c559f3e1c0dd12516ea82c4ccc0dd86b6ed9e9b5ca674b2d0b28a9d4dcac2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bdf99284cd4f46ffdcb430cf411eea1f
SHA1 ce35f37c0818c77502390dbc89bc25ef9ddc4214
SHA256 65aeaf28911d73fb98e805539d175c69e87eb20b0098557f516da20cfce9987a
SHA512 a212f9ccde4959db1081f12ed28bd0b2e747e8d9572fda319ee4f273549a1b80e9886971f0dfd94a4a6606608de26ecf1b16a3c37477ffeaf3ffda6214870c94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 6522df65c3bdd1d914867a419f96a8e5
SHA1 84370cbe4a98523c9d6a44d1fd00e9581f93f59a
SHA256 d886c12534dd1b657a755f3288c663d13e963852723264c14c06d1b7e4b263b3
SHA512 f7b75bded89db0632bd1ce07dac1362f84500ccb4b0265d5b02d624d6c32d603ef26b64d1dde58d8a8845aeb16b585b1a60f82027dd5b951ca38dd0d177a4a57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79f5440d4e0ff0798e3c27dd7a85b08b
SHA1 5a3e1d97f862b7cbba12de5fe1403d2b8f523374
SHA256 ee49f45ac551e5b4933c55b8e7fa028c7970f6b9de083851b0fd682856492cdf
SHA512 30c95a567efa3ca1ceb645c258bb5c3a2feef06f7c484ad1109666fa233c442347d518cff8f848b8e1dab1a5b940f535dc86982ee658992c10a7aa01c2b78341

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 28cc6b4a84e6b4d818537eeb0f435931
SHA1 c3bb063a5ea900d88b3df0dd34fb7003c17c487b
SHA256 0a21fdad224cd867de2374ae87688fb19c7ab87c92ba21671dc914c4cd461312
SHA512 5d8e173e4b92547e13c80d6e5af9b4c3f1b69836407825797433ce5cc36b7f80c38a41f4d6e5cc190791636de67e8328eadc14739165f001a7bfbe2e72a145f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 739af2c16b8bf218287bf2cb148e20fe
SHA1 fef90c2bae18a8dc571295a9acd091463de50868
SHA256 8520b99b71bd8792bf2c424896cc8b6371ba74e52b15a18bc2d5397c02e71db1
SHA512 ccc09d46a506f8192580dd840f46bb688a76f8b03bcf2ca7eb93b4520fc263889aef2937c43c491fc30d2b7fa6c21b998ae366a1f3d3a7882e2566bb1fbdc4e0

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-26 00:59

Reported

2024-08-26 01:02

Platform

win10v2004-20240802-en

Max time kernel

145s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c1f6b9a0ba910ca283808017b91a6787_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2852 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 232 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 2876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 2876 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 1156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c1f6b9a0ba910ca283808017b91a6787_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff904ef46f8,0x7ff904ef4708,0x7ff904ef4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,1945198923308063656,6840974272809163111,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1888 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 yourjavascript.com udp
US 8.8.8.8:53 script-bamz-us.googlecode.com udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
FR 142.250.178.142:80 apis.google.com tcp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.179.105:443 www.blogger.com tcp
IE 172.253.116.82:80 script-bamz-us.googlecode.com tcp
GB 104.96.173.184:445 s7.addthis.com tcp
US 8.8.8.8:53 www.stumbleupon.com udp
US 3.221.43.243:80 www.stumbleupon.com tcp
US 3.221.43.243:80 www.stumbleupon.com tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 142.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 82.116.253.172.in-addr.arpa udp
US 8.8.8.8:53 105.179.250.142.in-addr.arpa udp
US 3.221.43.243:443 www.stumbleupon.com tcp
US 76.223.54.146:80 yourjavascript.com tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 widgets.twimg.com udp
DE 157.240.27.27:80 connect.facebook.net tcp
US 76.223.54.146:80 yourjavascript.com tcp
US 8.8.8.8:53 243.43.221.3.in-addr.arpa udp
US 8.8.8.8:53 146.54.223.76.in-addr.arpa udp
US 8.8.8.8:53 107.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 27.27.240.157.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 translate.google.com udp
FR 172.217.20.206:445 translate.google.com tcp
US 8.8.8.8:53 translate.google.com udp
FR 172.217.20.206:139 translate.google.com tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e765f3d75e6b0e4a7119c8b14d47d8da
SHA1 cc9f7c7826c2e1a129e7d98884926076c3714fc0
SHA256 986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89
SHA512 a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

\??\pipe\LOCAL\crashpad_2852_XZRHVKRXKVLUGWDR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 53bc70ecb115bdbabe67620c416fe9b3
SHA1 af66ec51a13a59639eaf54d62ff3b4f092bb2fc1
SHA256 b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771
SHA512 cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 39e5e346e0e9b37c7d68f632a3c26c20
SHA1 36a1976f548d043ab3d37f9ceeaac191cfbd0a49
SHA256 5fc9770ff9dde6102b1ba995e3477f24bdff583b04d4e0b61dba90ad2be87250
SHA512 7d3a13d4c00e58fcdc2507a486619156cc76ea3f01cca67ff40fcaaddb831a0d1074968f5d62a36bf6417f2bbae2c708ac1d8c04133b2b91b518a311120d7143

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 90fda903001fdcd41bc9f39559fb6730
SHA1 a96fb90ce2460db036b01a74438621b0bc477ae8
SHA256 375782541aa2e3d84b38927ab16453bf765108da62a686d52b0e9f38a8f11feb
SHA512 2e88184e98dbbc803c4496c8fcd7808ba6634e08b0ad7a7b1b0d8d661ed13bb006c3ade07b870fd3bab01423b7e5d0a89b00c6c174f0dc788cd18aee7134b429

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ee406cb4c1de5f298492e96c8afa94c9
SHA1 9893905a9733e69571b6a36bdaf7ec8d898c8823
SHA256 aa449d3ad398c602e8987461698f4417bc9fed88a96f1cac86fc4de3fbdf9b88
SHA512 c4e096930ec6466a8a6ffa33fa5b8a6d969dfc64431b3eec0c2d4d952642af516445fe4b00e1a18228f0bcf26299c500932ec6a509733e971678b6bf72693bc8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 681c3b0da76e06a54ec68a0ac9d1f25c
SHA1 c4423febf05535aaf20c6d87e4e8bbd47198409b
SHA256 0ea39fa6cfd5e30ff06f50810bcd7fce537d061988075f0cee2b1e4037698d2c
SHA512 fb77035255ec52a0ebdc4872be652ba941c9b5b497c5ff58ff75be01cc4b3ece485cc107a4fb9bdf4d1c4d61880e951938145b9b8a4ceb2e9e6e300408ad191d