Analysis Overview
SHA256
dd5b4ab215e44263b79618777042999101fff36b954a987152d94679c6e8fc23
Threat Level: Known bad
The file ef8c489aa69327094f8a8508af065451_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
SocGholish
Socgholish family
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-14 15:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-14 15:55
Reported
2024-12-14 15:57
Platform
win7-20240903-en
Max time kernel
141s
Max time network
145s
Command Line
Signatures
SocGholish
Socgholish family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C62FC2E1-BA33-11EF-976E-62CAC36041A9} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440353569" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 1680 wrote to memory of 2332 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1680 wrote to memory of 2332 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1680 wrote to memory of 2332 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1680 wrote to memory of 2332 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ef8c489aa69327094f8a8508af065451_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1680 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.intensedebate.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | www.linkwithin.com | udp |
| US | 8.8.8.8:53 | www.bloglovin.com | udp |
| US | 8.8.8.8:53 | ambassador-api.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | www.bhcosmetics.com | udp |
| US | 8.8.8.8:53 | ad.linksynergy.com | udp |
| US | 8.8.8.8:53 | images.julep.com | udp |
| US | 8.8.8.8:53 | images.brandbacker.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | greenlava-code.googlecode.com | udp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 52.217.226.9:443 | ambassador-api.s3.amazonaws.com | tcp |
| US | 52.217.226.9:443 | ambassador-api.s3.amazonaws.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| SG | 118.139.179.30:80 | www.linkwithin.com | tcp |
| FR | 142.250.179.98:80 | pagead2.googlesyndication.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| US | 192.0.123.246:80 | www.intensedebate.com | tcp |
| FR | 142.250.179.98:80 | pagead2.googlesyndication.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| US | 35.212.67.244:80 | ad.linksynergy.com | tcp |
| US | 35.212.67.244:80 | ad.linksynergy.com | tcp |
| US | 192.0.123.246:80 | www.intensedebate.com | tcp |
| US | 35.212.67.244:80 | ad.linksynergy.com | tcp |
| FR | 216.58.214.170:80 | ajax.googleapis.com | tcp |
| FR | 216.58.214.170:80 | ajax.googleapis.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 104.26.2.87:80 | www.bloglovin.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| US | 104.26.2.87:80 | www.bloglovin.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 142.250.179.78:443 | apis.google.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| FR | 216.58.215.33:80 | 1.bp.blogspot.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| FR | 216.58.214.169:443 | resources.blogblog.com | tcp |
| NL | 142.250.102.82:80 | greenlava-code.googlecode.com | tcp |
| NL | 142.250.102.82:80 | greenlava-code.googlecode.com | tcp |
| US | 104.26.13.230:80 | images.brandbacker.com | tcp |
| US | 104.26.13.230:80 | images.brandbacker.com | tcp |
| US | 104.21.52.129:80 | www.bhcosmetics.com | tcp |
| US | 104.21.52.129:80 | www.bhcosmetics.com | tcp |
| FR | 216.58.215.33:443 | 1.bp.blogspot.com | tcp |
| US | 104.26.2.87:443 | www.bloglovin.com | tcp |
| US | 8.8.8.8:53 | www.revolutionbeauty.com | udp |
| US | 104.19.147.50:443 | www.revolutionbeauty.com | tcp |
| US | 104.19.147.50:443 | www.revolutionbeauty.com | tcp |
| US | 35.212.67.244:443 | ad.linksynergy.com | tcp |
| US | 35.212.67.244:443 | ad.linksynergy.com | tcp |
| US | 35.212.67.244:443 | ad.linksynergy.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.215.33:443 | 1.bp.blogspot.com | tcp |
| US | 192.0.123.246:443 | www.intensedebate.com | tcp |
| FR | 216.58.215.33:443 | 1.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| FR | 142.250.179.67:80 | o.pki.goog | tcp |
| US | 216.239.32.178:80 | www.google-analytics.com | tcp |
| US | 216.239.32.178:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | developers.google.com | udp |
| FR | 142.250.178.142:80 | developers.google.com | tcp |
| FR | 142.250.178.142:80 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| FR | 142.250.179.99:443 | ssl.gstatic.com | tcp |
| FR | 142.250.179.99:443 | ssl.gstatic.com | tcp |
| FR | 142.250.178.142:443 | developers.google.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m01.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m01.amazontrust.com | udp |
| FR | 13.249.8.192:80 | ocsp.r2m01.amazontrust.com | tcp |
| FR | 13.249.8.192:80 | ocsp.r2m01.amazontrust.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 88.221.134.83:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:80 | www.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab9F6D.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | abdb730a06104969b7a660d11721e01f |
| SHA1 | 2332d561c62d52593e593a909e5dd30ea41686a2 |
| SHA256 | b7ab30778840a1088f6805c42b3950cd980f0b50a6f87a5f9cc9ca0946c8697e |
| SHA512 | f2ee053cbb05f25e9a3cb2252d9e2ba891111bc39a132fbb891dd945bd25c27e5b1f255dc8a11f65273ba65c80e07e27c87ffcc5e1e30289406b8f279542fb03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | da6966ca5c666d8080197287588ef9cc |
| SHA1 | 1d563b68db87686022b0ba382dcb63179538a2fa |
| SHA256 | 11245dadbabc07be60b65a933d6e9447e1f59e4241548656dbfc6de17ead4e29 |
| SHA512 | 70601b97200c59b58e7dac88c53b15807412023cece909987c05801d248bc144c8572b149b8f6d1f15dc6fae7a341e24cb202acaca93e240211ccd5fc710d9f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | b6cd25a3817b0b541a53d36d46523c1b |
| SHA1 | 432cea1820281f91b96960780613157e98e129ab |
| SHA256 | 9d2303a292e76376d4e1e46f50821b44c8983347367fb37729888b73a9535105 |
| SHA512 | dcdfbafc58882d407be36e178aa75325dac46de076b5cf291c8000244bfdeb4a68d0225913eca436e7a6b67b1a5855f18fc6db529d8caf38a7ec377ec8e64f86 |
C:\Users\Admin\AppData\Local\Temp\TarA02D.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 41b4b7860bdce6d63305d704416e3933 |
| SHA1 | c4bf2040d1731929ff13752ce867ee7caa7c603f |
| SHA256 | 37bafcc9343b05a75c747bf07a70657433c1d9a09e2264f1bbb45819128804b1 |
| SHA512 | b6030730d9525f538d8343dd291347a267040bd267bf283da9aec830e3eb94608dd83ae11474facd9ffb1128d36c984e58d9383f3fa22ab9da2dbd51576cf5fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7acbf08fea839ebabec161305de475b9 |
| SHA1 | 8176ee220e9c7e11b4df522a091921074307a599 |
| SHA256 | d93ccabd93233471edbaf494a863aed48c5a4eb47e5ba5e55cd603f6d74918ce |
| SHA512 | 50388ce65c1e4b52a08171055f415537d5b2ba64851f5c6d28ecd52728c64ebd92cf39c3178ec911034a79bd432701330a7b6f6ab62a1e63c8551231797bab6b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ebe756ca424a389f874fd79c5228c86 |
| SHA1 | 0be61966bfda314d8f712a13fc77c5dbde10028a |
| SHA256 | a1ac07f4431c9f8c389a8c80dec6ed2f9f852d03beefece0797f92dfb1522743 |
| SHA512 | 63ea673a79718472beb0d350dbfa0b55c7c52538c2e625b2f966087edabd5bb7c53ef1e83f0498dc198857c089ec3b538b77a5f3cc969bd0177dcb60284b9c12 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD
| MD5 | 285ec909c4ab0d2d57f5086b225799aa |
| SHA1 | d89e3bd43d5d909b47a18977aa9d5ce36cee184c |
| SHA256 | 68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b |
| SHA512 | 4cf305b95f94c7a9504c53c7f2dc8068e647a326d95976b7f4d80433b2284506fc5e3bb9a80a4e9a9889540bbf92908dd39ee4eb25f2566fe9ab37b4dc9a7c09 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0968A1E3A40D2582E7FD463BAEB59CD
| MD5 | 824eeb632d548407964f626e707aee77 |
| SHA1 | b70e86ca220a947de760084bac52518d7b1a141d |
| SHA256 | ef541af44dc809bcb6ade8e15d9595d14900d784e9f3a95da3c5b9662f1e8794 |
| SHA512 | 590417e880401afb086f95a361c97492045f2491f85e0f84884c2532a612b08cd878f44cba5126d2549762eb3301faba75280c43625dfa97edde5c0dbfd847fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 876bf84fc770a0f1107bcad5ffd2e1de |
| SHA1 | 2f4042fc8da15e416e2e3d132646e4b7dcbebbae |
| SHA256 | d4f8446d1217c58878c92bbffab4e6e424249eb41c6e39cd39f8639fbf830115 |
| SHA512 | 48cbfd61e1fc40b7c3d0f901c42d95437001751727b39d4cac4bef0b64bf271eb0c1cb9f3f4424defb007c3c37fdf7189f481c38a7806658bd98a175912a908a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d8f6264f2ff405b0da4731deac703f0 |
| SHA1 | 30fdc76ab8d20735ca552fa4ab690fef501f1099 |
| SHA256 | 2fcaf9e33b9f6093f8e6e710f6e4287b93210cf6fe2fb3d791cfd10d1265cf70 |
| SHA512 | 1703a3fcf7c63fb4a0a542af824bb1b9dbabc0c676dd2cb053c2928e3e784d642e69a78a18d424736531c72be586f4a9d84ac3fec0c8b825102fa681d97e66bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 26b9b69031dc0ca79c70233d90049e1c |
| SHA1 | 904057a19e3176bbf877a977351d512b64985a1b |
| SHA256 | cb968e7577e5aded027eb05703cad5f05d5fbf1bd9ba6356e3cbbf950c2526b4 |
| SHA512 | d3c3689982fb65e28161c1e4e32d5d6000acb92024ed38c27e3bc7c497d441c04d6de03d65c5dbf7a37ad54e7bc28410e3f10ca5c91396a95be3194c2885baff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 334f47bf8de168af1516f28da1cfb755 |
| SHA1 | e87bc3caea432c836b0bb407dc3451954a2a91fe |
| SHA256 | d6d568ff18cc0cd0247fbef09a47e60a81af51b7596ab8199e13cf8f6e042a5f |
| SHA512 | 7dacf31c2ba825c21885f26839b7eaade088e8e0e81167d292d2bd3b380d50c22ecb5b7cc230e17444fb677571bd12777c0b638968ee5d2cacf1f06a24cb544d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e45400de48ec10079c3cf0abe910d772 |
| SHA1 | 6bed609900fad6fb30604c127d4cda36183c6b12 |
| SHA256 | 67b10c5015491d3b0521f1b2ed5c8cba2ece886647cb9e2bcf02e0a947b1701c |
| SHA512 | bbaaa4f3ec234a499f0060b76f9d47d7008298f2f50b2de0f9814efa83faafc3910e82ac21905f855a504ebc7b4a28317ee77b97b89e5b86364a83d957b01ec7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
| MD5 | c880206fa21fe7f383888d8ebb9c4df3 |
| SHA1 | 2d8ea6d5c6f9f6d8b6bff1b77f05bd03a2a195f3 |
| SHA256 | 4d3e4db91f79127555c6d6b031daa1d9cc29cce491d48bf0a9b561ac929084b9 |
| SHA512 | 1f524c86f014cb049c26dabd42e68e6ba983ad2e45353ee71a3a87c23b28b823614846418ae87f79419bd4da0d731ca30790df4ef1a62bcb902c28d04a118e27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84363e04bad2abf0513a229b73e239c1 |
| SHA1 | ff31acdb57f7a3d668546659e9ac8a86350f938a |
| SHA256 | 024da3cf0bed10b96ecdb069eca6fecca68e4d55dc3e15437fa2d2945f2ff6fb |
| SHA512 | 6d6efacffc96bd26375e536fe4e1f04ec494a65871a5dbda1512780781d8962b60cd2e06150c83a94af9199ae29450d2fd8fab0e6573c733be75a3091d0eb4ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f2bed0be74964271c95bd5cda10a80d |
| SHA1 | b2f9ef60decdcd3cf1d97a6a7bb9bc351f13cf34 |
| SHA256 | c2b6f8dfbb9902b7d8ecdd203946cc34096061cef1162131ae4f0ade4b62d9b8 |
| SHA512 | fddaefb014961b05ac0c94c4746ae4063925ef3ed18fd928a363b50c7bcfccd0a8c6b0df980862d30546e317888f2f9c3a8e633ee28388a330aa0bc9832091fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0058ecfb49d040e613782784be0c0c84 |
| SHA1 | da3e701ec3836a92f1b2ec2a6978f076c87aadf3 |
| SHA256 | 74209ff357b42b35d4f4184dcd12cdaac0f77976ba251899da4c8a5feabfefed |
| SHA512 | fafadf6a573b86a43b4e6c68bb1104a48b3fd55c52bbadbf183b4e19dcf1dd130a2f344ce5f2903ff89b7a075462473afcbb706dd3234c04afb9d0c678cb1a7d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 825751e92159ddc1ad1abb30ceae7b7f |
| SHA1 | fca6166a55f33c0e41c5ed0ef8758dd9b87f3a6c |
| SHA256 | 582b66a5f16e9f97c201ffc579b1c7ad7f5b479ed764606ed3d721ed43db8f12 |
| SHA512 | 1af16bfa444b737c1fb102a971e6f2fc947032c610c81ee834862cdf73a34e3909ddb7d65bbfb5b28f50c3d89a2c5c5788c54c80c63cfa34d3a08718104ed121 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32730fa853ef9abc9f168f08224a9cea |
| SHA1 | 15641b0488f71df4f56ec6daad8a3e403aad3188 |
| SHA256 | 3ca1f38e2678d18797663d234bceefc7733e88a6389dde1f2f01a74835a8a210 |
| SHA512 | 281661d8c7c3b1a7148a9aa10d16ca71b7bc6e466da8b874b3bdcc3a703522998eb43413d3a09661abe9a234c4e327e26d1f135e003515a0e55de9277c68760e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dcce4305710ad3c7fab394afdab91276 |
| SHA1 | 1b38570a99299a202dd38b0e0f4be8f6ea7c1169 |
| SHA256 | 430caeb926e3eb3090032fd8d000f5bcc93846d10898d613a72ab0fb6a2f7161 |
| SHA512 | 3bd706740ad760dabb36c63a4c39c93f85221bdd4500af43a5e9f1d563afc26cbcafdf7046259dd78b73c0433d1d0ef00a9716bb9f539db0caea89f7a0bc1d3c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZOGPI1N2\plusone[1].js
| MD5 | 3c91ec4a05ec32f698b60dc011298dd8 |
| SHA1 | f10f0516a67aaf4590d49159cf9d36312653a55e |
| SHA256 | 96b335b41362fd966c7e5e547db375ef0be7dcb2aec66bf3646782eeaed4b2cf |
| SHA512 | 05345e754b39e9f83514bc3e14b52f3cbf321738fd7d973da55db99035b11b4152fedce2c203eb34376cc9e18571db514ff9fbcb4174a2dd7cca7e439cd25944 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1fe9b710447f10bfe3241fb8a9dd5ab2 |
| SHA1 | 078f2c9ed150cedc3220481880110af3fc4c1e63 |
| SHA256 | b2733fc513b93af6d95bda656abebe33e467c52438752dae7a2accd109325f97 |
| SHA512 | 89dcc61ad84accc208d144e1ebaca8a515778d5a05430e87e125d895dfdc50de529ef3cf64fa60c06e639171b6792b0ba946b0acbc47c0112a1e586471b3f3ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d72352d3a6d093cad665202f3e56ff38 |
| SHA1 | 84a8dcb42e153d2ba38f14b1e05746010a34aa65 |
| SHA256 | a97eac18cb5668fc7af7b3a1b293690602ba0489066ccff09bef30b7f09a7e34 |
| SHA512 | c52e5d61af323b6af7bc6b9271fbb40c5d5b09f3ede22f46dd4202571209918ac80fec9a8a46cbd902605e488b7764e5fd69253ce12e81da87d46ad8ee8b5c38 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68d00d073c984a6d0bd33b1e1c2be86e |
| SHA1 | 0632451e52cd6998366ce566a755d556b6a871f8 |
| SHA256 | bca8404f43c40631b08999a8e9b7759789470868e4ae3c138edc5fe57a8e2391 |
| SHA512 | 518a9b36a6c9d4b66fef44b220f20875fc47c181eafb986fe7cdc63e6c88a66d8dc638a58debc18288bba285574aff0b51488da19bed0bf976506303e1731c99 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0cf62119e8224728fd76e422bb743973 |
| SHA1 | dc012ae43d871861875a406db792eb4543af1483 |
| SHA256 | c5da2b573a6ef58ae11de18e0bcdbfcb011473f56474e3202a5fe38269517d2f |
| SHA512 | 0792bd0d88d4c0c4119e7502102570876f06e433627db5916aa3da4b4162401144985abd024b58ec07da798fe658c6f70e9c753541d6a29205b023881acb0919 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8b4c80670598746cff889756ac23fbe |
| SHA1 | 24729a93691d053ad619aa2160955366c8783c17 |
| SHA256 | ee88dce39fbddf34a2499152e2c23911643ccc5622f498971ac43314d52cbfba |
| SHA512 | 83a3179432a194aac8fbb16ca802748a546f53389fcc6798fe4b42fab674cf8ea22ecb5be4d57cd225b8daed7a91cf4d4db746599951c67abbd53b3a451a7783 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 6bf066d07415003b248ec37473f0af1b |
| SHA1 | 9028ba1d17d18a17996c8b7ea13e44a91938a876 |
| SHA256 | 7d46406a910d840c1e222e74248681c383595eff94f36a134cc3ad8f218e0462 |
| SHA512 | 077dd664c0aebd589310b2ab66a413873335f31682ffab57dec7871bd39c8ff1eeb3d4e14e1a9f7387cd64028049cd0066f8cb04cb427de0d456bdb3bc14d359 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e23af14794200a18dd5dff594e7bfd0 |
| SHA1 | 29cd7ec5db147c5ef42002c1aff454c3f6413b66 |
| SHA256 | d6e332db270543f3bbf831bc6f81e09d481b0d199acfe0f3e140179961972734 |
| SHA512 | 827f523d3edcacb000035f9bd92b3dbc54cfe15fbad0b684dfa17cde8b75092ec355e1c3622abd85a36fd90885156c2a8f08277d6bc1eb2db46e9161db0db67a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f47e6b74ec0eb5f7049b5c0557e97850 |
| SHA1 | 1f5ba39c0ff5782c14dc73c4537892de1416ceb8 |
| SHA256 | 82395b745ca9bdcc98ee2d66ae9d5e62c0dddb0784f84d16a3edffa448e9146a |
| SHA512 | 838a87a116323544da91225ee1d92fb2fed62a92d2f92ea997ff35a6711ed905cc86c8ae62ff52d78ec11c3f940351102920b68e1c66e2cc6368c0968286a35a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f2bb51216485ddc236c4af424bdcd07 |
| SHA1 | e0c616d1247cf659cf250d532fcbda9042079473 |
| SHA256 | 0147d07be359ff2f3a93d4061be49914b6907aeef660dba24e5958fe8c5b04b0 |
| SHA512 | b29a36d179842e32cc8c7a3559b282d18aa3b1ec9d550584443e926f4edb6301ef3def634b8ccf52aa8b2972530f919ef6b4fedf1087f4dda31acc69f62d30b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c82e47a814971ef9ebbccd919a11653 |
| SHA1 | a5fd3ff2dcddbf98102f85707f5b70cd1cdbcdab |
| SHA256 | 2b15dcf0d1c81b684c5a5332a8efd00103b57dbe56149598b3a470ef5896b346 |
| SHA512 | 512716887994ee536755b49ec5d98c4eeb95eff840d4f39aac796ac53a2252cac7c0b938eb980fc38042b2cf085c2204fe40c2d0b1a0e2d5178619deb2226a28 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7e5cb225321f919877caa74387627f0 |
| SHA1 | 8bafdc59cb46ec14a15c4f861a322408d075af29 |
| SHA256 | 236ba8693c39f2ad5e8677cbfb8588bee5fdac2fffc1a6f94059714c64d42fa6 |
| SHA512 | eee6e4ad4578e285a6be4160a6b940ad14d0a0661d672b283201c34499fc99c889d703c86a49979963311f883df358166cb29d5bbcab85efa230ecffad978509 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8dcf884b11b863e0a7fd63e002330c8 |
| SHA1 | b1eca708546b192b1f7ba46bde7b69387a8a054d |
| SHA256 | d7afd601cab037e59b134aae52b838c45742e4367a6a3d0f4f4ea443f5e8230b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-14 15:55
Reported
2024-12-14 15:57
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
142s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\ef8c489aa69327094f8a8508af065451_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xbc,0x108,0x7ff8bb5446f8,0x7ff8bb544708,0x7ff8bb544718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,942400955952365052,3342154232126106346,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,942400955952365052,3342154232126106346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,942400955952365052,3342154232126106346,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,942400955952365052,3342154232126106346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,942400955952365052,3342154232126106346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,942400955952365052,3342154232126106346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,942400955952365052,3342154232126106346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,942400955952365052,3342154232126106346,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
Network
Files