Malware Analysis Report

2024-12-06 03:27

Sample ID 241029-vaw49sxblj
Target 7c33ebeabbec9081f245d83ab438edc4_JaffaCakes118
SHA256 0edf06bf7121774f0cd0c835bfe7be1915797b7fd7235be97f332501666a6c91
Tags
socgholish discovery downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0edf06bf7121774f0cd0c835bfe7be1915797b7fd7235be97f332501666a6c91

Threat Level: Known bad

The file 7c33ebeabbec9081f245d83ab438edc4_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

socgholish discovery downloader

SocGholish

Socgholish family

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-29 16:47

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-29 16:47

Reported

2024-10-29 16:50

Platform

win7-20240708-en

Max time kernel

142s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7c33ebeabbec9081f245d83ab438edc4_JaffaCakes118.html

Signatures

SocGholish

downloader socgholish

Socgholish family

socgholish

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009c72d58b0999ab4c8d69c48fface94ab00000000020000000000106600000001000020000000920f7c67be878a9fae086a3a904c656bdcb125f1f2a2c6470d36a8794f9f5552000000000e8000000002000020000000b7482ab625a487aefb1b1394037b5852b2133e068da5f58662cd11a473eae74d200000008050805bc766fe7e86f1c737c1efbc099f40cd15c3737019c6c194f6abe627de400000004fd6bd929ce3bebf2eff6093d408e626fcac9aca54bd7a3b036e657db1b29ddc01e73f6987a837b57d71d2a689e64c3e26683a4c2f08e8ee591621adff89b97e C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{88C99A81-9615-11EF-80BD-DAEE53C76889} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0a76360222adb01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009c72d58b0999ab4c8d69c48fface94ab00000000020000000000106600000001000020000000b9be57a67f4375f96edcbab51352292395416d59c83b25397fb609231250e7fa000000000e8000000002000020000000ccb45fd9076c7a9b12f6706823902f226c0b54e46b50b7165794e314b4d3aadc90000000fd6662e880afc9e611ce6ff78bac78de83b5b44f6262a49ca0cf7c079edce67a8ecaddf5dbbb1a46891e7c981abe37634bac3925b62e723a937ada850bebfc734e090fd73ecb6f0d3b69fe7b20ce9cd200b2ece69eea8644eb0f8360d67c88ac7a900cb277fe3f2d11d0bbb4d23abd30f25641aa93946c03d7b162d3049d4bc7e164c4a3c117ea77a1532ad3a16bcaa2400000009d4838f8aa5a25098774a6baaa908ab7c3cecd316a30788ebad4ffaa97bc755e1606cef5bd536545d051a2ca04e5c373b4269afe33e086439831da4197c4fdeb C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436382338" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7c33ebeabbec9081f245d83ab438edc4_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.blogger.com udp
GB 142.250.178.9:443 www.blogger.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.180.3:80 c.pki.goog tcp
GB 142.250.187.195:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.180.3:80 o.pki.goog tcp
GB 142.250.180.3:80 o.pki.goog tcp
US 8.8.8.8:53 bit.ly udp
US 8.8.8.8:53 blogger-plugins.googlecode.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 www.linkwithin.com udp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 img1.blogblog.com udp
GB 142.250.200.46:443 apis.google.com tcp
GB 142.250.200.42:80 ajax.googleapis.com tcp
GB 142.250.200.42:80 ajax.googleapis.com tcp
GB 142.250.200.46:443 apis.google.com tcp
US 67.199.248.11:80 bit.ly tcp
US 67.199.248.11:80 bit.ly tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.180.1:80 2.bp.blogspot.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
NL 172.217.218.82:80 blogger-plugins.googlecode.com tcp
NL 172.217.218.82:80 blogger-plugins.googlecode.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:80 www.facebook.com tcp
GB 157.240.221.35:80 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.80:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 184.25.193.234:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabAD03.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarADA2.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0fd64e39d0bb714589457025244c7e1c
SHA1 c2d926a8c0c7ace83d870c29b5440b4225a0c9ad
SHA256 b8b81031b246cbf4e724a33a89428a74bf2e245a5e870946f2b675d6192d7413
SHA512 326879e1f72221369859c253c16ecf0c5ca0f7017021c10e82f17be492c99fa08d8a3063629ba62605726668471ce63a6f8447ea00a6394246a7a7c628d7c797

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e524828d4d6c11f7c4187741715597a6
SHA1 e972a87179ba0e6640c4ed6fb922bbb26280effa
SHA256 12e41319bcc145bac03a1844f63ae6fd3e417b73e6c349c7e8a91c3972cdfae4
SHA512 b827800089df56fc1d6a612cbae5bcbad8b9c09dbabe0ca17ccba0a47ac03c061170780b5ccced94cd2c4f77f23cf63b22a3242d885b3c0a36d9ca127b1a8ab6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 727c45ff9e40a301ecc01c85b44826ef
SHA1 e91c85342d1b2dec13f97952d7a2edd379caf0ab
SHA256 3474636d4631a99ba92fd22f37f2e8aef949c0e1d6ca0f69d7df7d2ac26e2bfb
SHA512 f9a444f07c4ef4865ed4108165f16adc1ff77d6e099d76170d8ce9ac963d90875319a60e0237890efad8e59a5f72cbd0b4409fc4ddfb8a91165f8dc346016685

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb7f4f640fdcdfe1261a6ee4373e3857
SHA1 1d7f1100424ee2ec5c33708dfc53d457745573a5
SHA256 8613b409d682b1e0f007b51daadf5f7897aae1148a01eae0599b7011ed68bb73
SHA512 ebf441ba72fa51517036739fffc4ee22b7b183f7c2b840a9d1e9fa5c537073ef14e5f4d1a809559186ff507dbc6ad9b87a884406f176f56c1a503a75152eaecc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f94fb40de678eb957c18ff62d9f0f25
SHA1 23801116eddedcebef365330335b3ab78bd09675
SHA256 43c9c659e695781af71768156d373d9fcbfcd21aaacc2074d489361e3c6f677a
SHA512 4f278cdc2536c2ba166c8187c73f68f7ebdf9053aa6e92514dfc7d06a1b133ef070626ad2bf181dbc68435e0b793c779c738479286a5a613658587c47e12a260

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99c8d81f1d81f2d21373ed4692324596
SHA1 42a2b40a7c0b64eda828608d943640174f1b3a3d
SHA256 e808560e65afb7cbe625481505161563e1833dee7c2749bc1f11c5eaafccbd27
SHA512 c08d4fb8dab73835603dee128698978f2e0da4171072cd7deadbc9a051beab7ad56e5956a16f80bbc16cd1c75d9380bcb4475f1c6598f6d1a517897f21e3b604

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a63af406ef4140d1327e238e212e4e6
SHA1 eaae50fdbdb1864ed02b2e9e2911b45790947d32
SHA256 f2a8c677de7391c01cc0b9fb60920a412c947545c9c8365029de923c601fade5
SHA512 3db1f2a5f6d942092ea34e0c95e2b0ce17d5ae335c754228580af8825bcbd3b1e1d31e4cf9822b76cde743c26745571463a2da1f549af94d4919c46fb3a8db03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 caf1a906ceb2545b4bf8d440b16855b3
SHA1 7f5a25f0de2c0a75e09d01d48dc3cfc646080f44
SHA256 9cd3b9fd062b679e756d170e2659e96fda85a94cc18c27da46b5c1c18c3f25f5
SHA512 3cde47756b352e2359d93b138e4e40ed08320c4b5d360d3a99dd64c8d0895ef3b5f428fdf881357658a4f1d27bfb3833a7540b400fee7a3fa37376307bc66479

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c3954909789baef050e1285d1b07669
SHA1 c41da26818f0ce48b61d0203e7de525c9c3ff0b8
SHA256 f661d27bc692ca91afce3b406febc0851ef4ec42c23fc3e2a55b88f060d8aa8f
SHA512 10773bd2e80ac59462876a931726ac82ee94b21193e5c5982e3007095626e87331c818d920e150b72782ce0013f8415bec62f4eab489703c550c3ad544b1ad7d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56867820bbb9f6138651b1999dc66c2d
SHA1 764cbb2cdd9d90cdaf7869f9a25b9d15d0b136dd
SHA256 7910b5cc4ce3cdf396f8474af3b1c626b992efcc8da540a5617dfb45cb3c4008
SHA512 8dfab8f52f8372e93a199b619a13d5474f97b89177c2b8670e2e51ef7ac3f4e34810a50ac455e018bc6f301c5d28bf16da8a3e9cee27088dbc38bda3e9421c32

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4a83b0cac01845bebdace9e96c9be20
SHA1 6a5b6cccd3cc9e33b1d426310861cfe4f67e1ec4
SHA256 1f9ddd2e7398b957e03e95c78863b4c69aeb352540f12390aca4061b74c293b7
SHA512 556ee2d803b6ada252d0f13c3dcce57d0335b01c42995315c0ae1bc8ac2a7c4e7e3cef8f08ddc5fd02c87b16387598a0b1d8f2e120f1553e7c8827367d768256

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21d620f944c8fcd17640e6d5c1022cae
SHA1 a3e77c0bb51db6fb2d0044c03780af2f3fc0ee5a
SHA256 bb99d2b146fd65db0c964382661cca83ce5254de71b7c06b78d894ff08fae88a
SHA512 b03b93a1cb61e32dc9bcdb25ee3dda33849767c1b7a023477724516c5306218282c145c99c6fb69cc87ddef8c082393b82c34753931bbdf403df5774b1227bff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 57a522dcad32e99b9da016561b0abe81
SHA1 17d4112671bb0398abaa91fefcd6793d2bb7ed98
SHA256 d6956d91ecd5977d39db53f7ee35757180fda22064c37ddc5d42804ac76faba5
SHA512 ad6fb5971edba7818d4b0328ce5ed62b191e318d4978367a29ff287a3db48592ed717dd63505a557e79afe097ffbae58eaddedb05df5c31d11833c075cf6be0d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 4b93d78034113cd04884a8a2513f6941
SHA1 86cdcfda55ef4e0eeafa7b186aac054b3d4d7471
SHA256 9fa94bf4ae65abbedffbd992a36c25a580a31e3d08bc90247fbc6204d8a0ab8b
SHA512 271ef539fc710a64418f2b64964f0ea3e46a1a755d91fd6bd6ed499e51082ff812f08f402f6575f76c80380f9775554cbaca7fdb9496d582877eaee9d355a545

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e1ca5d19139aa6994f7febf81b383471
SHA1 dfedb5bb4e4548c72a2c9472a5172defee5f9f2a
SHA256 ff5983fd145b50f6d62efc79c25cef455dd7c1d261b9b4f65a1630a1d08b4d0b
SHA512 c3f31c0b0eedf331580630e4613508b9dff29c716c510977cf1a8f23266c1e5c52734a67f50ad2d739e7c50a6693a498822f8eacbdf60b8d2f96f3eec59e9946

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c55298a0de9734c566313bd99a3f27ac
SHA1 aed4182f49f6dbb031703dcea5ad9b998ed67cfc
SHA256 af3199cae5c57c93b6676920bebdf3e0970ce2b1ec3eedd86af967790cc8c7ad
SHA512 9d431e942ce94d88fd6a312717e81deb34f2c77a451633f9bf5d10c5a4e8e21a4c2c7d54d489bc82da5b43d8ce4b0583d395a40833ae3bf0c294a91cbf37569b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db4a40ae4717cb831828d033238a274a
SHA1 256b0f6a366ec0997898b28b6f472bd74d1a30d0
SHA256 9366b54dbed751577358c118468c585342106ca709d91c59fa27e290138829bd
SHA512 54e17501fa78e3d9a5e0b2087b1042b652f16012b230d43fa72fcfb5ecd9faa163129b62a7e2071998c3412921f766bd77c0d030c1afc86d62ee1f993fed79f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 453a854ef6bda886be1bd0ba867c9e0b
SHA1 51bdcd7d3837db4fb1bc3f0756138f11a6f1f2e6
SHA256 019f29babe7f695d295f4cd04752a7cd5bbcc94a5525004b9521dc88fc1802d2
SHA512 429185f033cd91c0d966519b2777b6b5980c7445bd8da8bb1b2ed3ab770658814d194f537284924cb81b15026b2e1d6cbfa18e5f23a8e58aa3725073d0aee5a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 a4d7c82360d7e9a4dad37d208ad5cd9a
SHA1 a75d609a8abfbfd1c52bd3397349193de81b657c
SHA256 fb66479633c854acaaab77f5f2957028c990bf5ac8e70e64a46e243d8d34b0c9
SHA512 7b6b3cf49f42c6a7b112fcb26d1070915f169f67c6d37e7ba35b57c302438b3c81e3e4fe1711fd0351be7a2e140227615e68133b16985b5a34b746df63cc9c2e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 021faca7f3619a4f57675d47c46c701f
SHA1 36294786e33c4b8fb62e4278a8682c145c91b31b
SHA256 f4da9e0849bc31bc9548eb40df58fc03cdbf8c202d93096dcdbd64ad5276d322
SHA512 4bd47ed6040fd98f4f920a6f581b1bea342eff1abe857042768d02845235198f763013afd7afc0d868e038fb1ce259594cc33fc66167fe4e59a8f9945dc35875

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d2ca25a2b27e9cc82a3f3a6c9ff8315a
SHA1 3b4197182f9d05916b8420cada12af630464faf3
SHA256 a8ff5d28cc80fdc098f8de516718756b7d86d554bec8c26a72338eed194f9955
SHA512 65afab10d407b192e7fe4a66b093f0c85404bba47c2d4af36210d45d360adab726294c2fd331339a13640b9f5b86dc590411bfa787a15fba3f110129178d5cdb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63a764232342b7e087e68488f2735106
SHA1 185c36e7d60fd9dd2501992d59d79788473fb217
SHA256 71e0a85f43fcf7d965398e6c2278ff91c503371c90a63c6ae0c8d8449b4b23a4
SHA512 806138c4a8b5f6a8cb14722ef252368a8eda38b90adb09784e6fd6fb87f6dfd40e029ae6c57cb044d54be8da58f81ff17895e7b477e3515ffbcb57f843b060cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c801004d60c2500a6889957639e00af7
SHA1 eb85876c4b07ef76c056b816bebda682328ffe44
SHA256 29946533205f652bebc190087cccb05d44c08bee68faaa4ada12e2f52e8b1552
SHA512 52563172da06f713ca008f09b327208485007cb19dcacc2055cd9152b0a59c9044e787997557dd4cc4b32616cb36e63fb21393ce8a4d41ae89fe66ff774cf524

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-29 16:47

Reported

2024-10-29 16:50

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

158s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\7c33ebeabbec9081f245d83ab438edc4_JaffaCakes118.html

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4480 wrote to memory of 2336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 2336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 4808 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1668 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4480 wrote to memory of 1172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\7c33ebeabbec9081f245d83ab438edc4_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff911c046f8,0x7ff911c04708,0x7ff911c04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2328 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2352,4868026705192349818,9060483300295702555,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4124 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 blogger-plugins.googlecode.com udp
US 8.8.8.8:53 bit.ly udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 ads.lfstmedia.com udp
GB 142.250.178.9:443 www.blogger.com tcp
US 67.199.248.10:80 bit.ly tcp
GB 142.250.200.46:443 apis.google.com tcp
GB 216.58.204.74:80 ajax.googleapis.com tcp
NL 172.217.218.82:80 blogger-plugins.googlecode.com tcp
DE 116.202.166.16:445 ads.lfstmedia.com tcp
US 8.8.8.8:53 www.linkwithin.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.178.9:443 www.blogger.com udp
SG 118.139.179.30:80 www.linkwithin.com tcp
GB 142.250.200.46:443 apis.google.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 img2.blogblog.com udp
US 8.8.8.8:53 img1.blogblog.com udp
US 8.8.8.8:53 1.bp.blogspot.com udp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.180.1:80 1.bp.blogspot.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
GB 142.250.178.9:443 img1.blogblog.com tcp
SG 118.139.179.30:80 www.linkwithin.com tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
GB 142.250.178.9:443 img1.blogblog.com udp
US 8.8.8.8:53 9.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 10.248.199.67.in-addr.arpa udp
US 8.8.8.8:53 82.218.217.172.in-addr.arpa udp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 30.179.139.118.in-addr.arpa udp
DE 116.202.166.18:445 ads.lfstmedia.com tcp
DE 116.202.166.13:445 ads.lfstmedia.com tcp
US 8.8.8.8:53 ads.lfstmedia.com udp
DE 116.202.166.18:139 ads.lfstmedia.com tcp
GB 172.217.169.34:445 pagead2.googlesyndication.com tcp
GB 142.250.178.2:139 pagead2.googlesyndication.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 themes.googleusercontent.com udp
GB 142.250.200.1:445 themes.googleusercontent.com tcp
US 8.8.8.8:53 themes.googleusercontent.com udp
GB 142.250.200.1:139 themes.googleusercontent.com tcp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:139 connect.facebook.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 www.blogblog.com udp
GB 142.250.178.9:445 www.blogblog.com tcp
US 8.8.8.8:53 www.blogblog.com udp
US 8.8.8.8:53 ads.lfstmedia.com udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
DE 116.202.166.18:445 ads.lfstmedia.com tcp
DE 116.202.166.16:445 ads.lfstmedia.com tcp
DE 116.202.166.13:445 ads.lfstmedia.com tcp
US 8.8.8.8:53 ads.lfstmedia.com udp
DE 116.202.166.16:139 ads.lfstmedia.com tcp
GB 142.250.178.9:443 www.blogblog.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.147.35:80 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 trollites.blogspot.com udp
GB 142.250.178.1:80 trollites.blogspot.com tcp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 36988ca14952e1848e81a959880ea217
SHA1 a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256 d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512 d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fab8d8d865e33fe195732aa7dcb91c30
SHA1 2637e832f38acc70af3e511f5eba80fbd7461f2c
SHA256 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA512 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1699db580ef36416a2b72c040e74b9ac
SHA1 27b9301a8e26218aa1b1e969db80b0955674a444
SHA256 dc9b3cc8ce8194d00a145bdf02cff2b6d732741677cac7c6dd74b031c3ad015d
SHA512 b92d7624a71a3a586e7d2a038354262a2dcccdedff7cc825306c657cdbafb8486e772842e0bd7ce1c81b7c28d08444f7527e225179eecb7d255e55af4e58df99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4288de4f9d73a2a3a88e2ceb54d72790
SHA1 c5e3ab334ee51816fe3836d49d3262525151f5ee
SHA256 7fe4efc3ea94831b248f661b3768fb09c881b2c64ec03d1780c9f531c7df381f
SHA512 c575de1958b61adcaf0dcf4a54976abd75d9237b64b090ec222c72d64ddd3e1b205e95e816886564de4b3eef7fa86a38e24b2c7720ee69864ce26ae82a36c45c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2c0ea831fb71f0b0bb783f23a9827900
SHA1 11205e144ec763f21e52eceede2efa5b7932657f
SHA256 3c04e5e93ce401e980e4d1d8d91e58d23d8ffb8344001b2171580c7222bae179
SHA512 9b75dfb026bb471dd858368a2c2bdcb4ed8b9fb16559e267c2c197d675b592f03604ab67eda85c76d82ff09a28b8710714ff2e9b25c9f322d5baa0c658db9677

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4aed347342d9b40218616cf46cfa1ddd
SHA1 bfd32938b3cbb672b30e3900edfec42f90c7b5e6
SHA256 3c7c13c5fec7a300a83eaca5b66e002ccfee588b3d4e1ac18f064f199518b617
SHA512 38f3c25f851db9a52c4ba92d14a71db4a4244e0222b473628b7bf3a60704d6ef9af83c20da2dfd718ab76960b9e9389b624045f40b85efa0126baa5bdd939d6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5b8e81534092203b804d2abc893ae716
SHA1 2650869d6f822e0338a924317492c68050185e96
SHA256 12f311464985ee5d35e936f6bff7b005ea911854549782f9686d585491fbceba
SHA512 7bb8dffa831512d4b6d055673275269039c04da91443d63ff890626c4df9e7470a32bf0ea518cc53973dd8b562da3066060fd14b145c0c21be54bce7e0d53918

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eeb71c71c3ae7d7737e0b0daa3d43d4e
SHA1 e50b9480f1f03f32268390a34fb80474ee8d63a5
SHA256 101be03f0ada1bd9e6b220f89119c9080414a19d13cbc82d3b07e9ae13df8473
SHA512 d183b77d70ba836b1a9d1ea7529a2c0c3eb4d74bfb0b83cf5e0a7d750e4e537794290b97629db4dd4cda8d14c5ce8228546593f66eca8a473b87aa9819f91075