Analysis Overview
SHA256
7a432379a2501de51fc81b5b6a1a9f91463f25e9bfcc44b4360a0e29e0c4d832
Threat Level: Known bad
The file JaffaCakes118_82caf238d0a049df56cbc5e727e70575 was found to be: Known bad.
Malicious Activity Summary
Detected google phishing page
Legitimate hosting services abused for malware hosting/C2
Browser Information Discovery
System Location Discovery: System Language Discovery
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-08 01:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-08 01:08
Reported
2025-01-08 01:11
Platform
win7-20240729-en
Max time kernel
143s
Max time network
144s
Command Line
Signatures
Detected google phishing page
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000008520b7f5aced4a97200aad326ab095000000000200000000001066000000010000200000004ab35809c1a6f90d056d0cbbbcf9313e269f428f18f66976e7bd2587227b3173000000000e8000000002000020000000b87e209ccc246959856a8988625fd04825da3e86207396d4cb9b9fc98201694520000000bea1030152787caff8722dd3e6edf6577ea7bb2d8b1c5e5fec9d0555f67770104000000076c8fb28930784f2a0d712922d7ae4c41f2f0c05da01042c6995abac438b83849c27474288bb08cacea5a39a0b4e7cc9a9ec73a61af5278df0cbe0ecc8a9221a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000008520b7f5aced4a97200aad326ab09500000000020000000000106600000001000020000000da9297addef86f20413584cbe1a4f23a3fafc5d498797ee09c61072cc689a988000000000e800000000200002000000027fe28369ed81bab010e4fc7db5f3bb5309fa692bdcac5678d6151d3a2a8725790000000d51bd628211fee1155d44756926501f8177e2fb3eaf4afbe7ddea8db85169e67a3098b026e5cd69e5b06db8f0a9e741819341e32d5e31025c90028d7c9209b9aa5322e1acf63c507baf4a4e43da8fa8a570c6c91c9318b6583868b555b40db0b281234ca433f3b70eaefb1c90988bdcc825a11c19987e8b33e422dfefd95c6641422ff084c3b09c8b33ba50d13a5309140000000dede8bd43f726917773de3a58b01e5e5c7c0e639154ebfbc9bc89c8851acbef05a2cf22510d0faec64cdf4cd2c1c0b131e9994a8546f4b702727563279269a87 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442460376" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 406434016a61db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1236AB41-CD5D-11EF-9B6B-D681211CE335} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1956 wrote to memory of 2712 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1956 wrote to memory of 2712 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1956 wrote to memory of 2712 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1956 wrote to memory of 2712 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_82caf238d0a049df56cbc5e727e70575.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.checkinvietnam.com | udp |
| US | 8.8.8.8:53 | www.autohits.vn | udp |
| US | 8.8.8.8:53 | www.v8link.com | udp |
| US | 8.8.8.8:53 | linkon.org | udp |
| US | 8.8.8.8:53 | www.moreusers.info | udp |
| US | 8.8.8.8:53 | www.floristslinks.com | udp |
| US | 8.8.8.8:53 | backlinks.vn | udp |
| US | 8.8.8.8:53 | www.21sme.com | udp |
| US | 8.8.8.8:53 | www.enginespy.com | udp |
| US | 8.8.8.8:53 | www.scriptshead.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.179.233:443 | www.blogger.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| GB | 142.250.179.233:443 | www.blogger.com | tcp |
| US | 104.21.16.1:80 | www.scriptshead.com | tcp |
| US | 104.21.16.1:80 | www.scriptshead.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| FR | 94.23.77.62:80 | www.floristslinks.com | tcp |
| US | 34.205.242.146:80 | www.checkinvietnam.com | tcp |
| FR | 94.23.77.62:80 | www.floristslinks.com | tcp |
| US | 13.248.169.48:80 | linkon.org | tcp |
| US | 34.205.242.146:80 | www.checkinvietnam.com | tcp |
| US | 13.248.169.48:80 | linkon.org | tcp |
| US | 172.67.201.183:80 | backlinks.vn | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| US | 172.67.201.183:80 | backlinks.vn | tcp |
| US | 104.21.32.1:80 | www.scriptshead.com | tcp |
| US | 104.21.32.1:80 | www.scriptshead.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| US | 172.67.179.118:80 | www.v8link.com | tcp |
| US | 172.67.179.118:80 | www.v8link.com | tcp |
| US | 104.21.64.1:80 | www.scriptshead.com | tcp |
| US | 104.21.64.1:80 | www.scriptshead.com | tcp |
| GB | 142.250.178.14:443 | apis.google.com | tcp |
| GB | 142.250.178.14:443 | apis.google.com | tcp |
| US | 172.67.156.59:80 | www.enginespy.com | tcp |
| US | 172.67.156.59:80 | www.enginespy.com | tcp |
| US | 172.67.179.118:443 | www.v8link.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 104.21.16.1:443 | www.scriptshead.com | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| FR | 94.23.77.62:443 | www.floristslinks.com | tcp |
| FR | 94.23.77.62:443 | www.floristslinks.com | tcp |
| FR | 94.23.77.62:443 | www.floristslinks.com | tcp |
| FR | 94.23.77.62:443 | www.floristslinks.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| US | 172.67.8.141:80 | widgets.amung.us | tcp |
| US | 172.67.8.141:80 | widgets.amung.us | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | www.phimmoi.net | udp |
| GB | 142.250.187.195:80 | fonts.gstatic.com | tcp |
| GB | 142.250.187.195:80 | fonts.gstatic.com | tcp |
| US | 69.53.224.115:80 | www.phimmoi.net | tcp |
| US | 69.53.224.115:80 | www.phimmoi.net | tcp |
| US | 69.53.224.115:80 | www.phimmoi.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.252.143:80 | crl.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | ba0b1a00e1dc69bb6ee9d9a541c428c9 |
| SHA1 | 95f6aae63d3dd44b16473ba22457c4e285b1aefc |
| SHA256 | 52630f94e63a66c6b60beca4570739a877bb1166e1670b2a7a7ef8f0c97a817e |
| SHA512 | 5a8257dc27e62248b9b4d7768322d937bf44d7f352fec1e7939d09623f164cce5f2f0f3d74df23588e91c910306a4ffb869b5b198cdfd33386ca242a289716b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 91f3fe15af2b35da9b6ff8eb52671b42 |
| SHA1 | 0a57041fac4928990c38a04032b49995404d4fb3 |
| SHA256 | 976d65aad0a8ef36e53b66356d095d8a7fac4d6d4527c88f45a58da3de04eecb |
| SHA512 | bd6af964789f4c7478c3424e77153ee69a0fb2c70cbd90058e203e59fe6b175bd0a0bf11229dede46a09c2a3fb733b42d5f09204755d7a634839bbfb3c8526d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 231b3e1081ed6b3de7f187abdcae6849 |
| SHA1 | 651bfb286c2dcc96f62eabf5d9005e482e66f692 |
| SHA256 | 43a9271d9f1a522f45f8934097458a7c56dba5f52aa39e208efe60edac81f6ac |
| SHA512 | aabbdfbb8747d42809b512b74a1287466bc92a5a6b0e9fbc8a1d55c7f63f0e254c11c686f71b4ace099783b298afff6cca3901ae5286be7bccef5b7fa422dab1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | a5c1ec2fef8d913358de628b646dd494 |
| SHA1 | c3c37f017fe2e36900b83d7153c5889482a430ac |
| SHA256 | c6f894956ad7847c170e53e44cbae8978c120d0b33bb558a2c21847aff227e89 |
| SHA512 | 18062d03095dcc468559d374a85f40606b5916dfc90be63ae366b99b86c4b937bf892a2147d915cd8d8f86a9d45bb64ebf1f3e1e663d7ec969f849f0f0dfd386 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_CB0386D01AD4CDBD503575C3CD1660FA
| MD5 | 65d297489a759d1647145bb540a38971 |
| SHA1 | 57a7a0e46ced37642a0a133b4341a6141783f64e |
| SHA256 | ecf7434a8fedc1bb012a92551fc728b2508f8ef76177426fe810f1f24975562b |
| SHA512 | 37f98954381d54a1f00b9971dbecd46f2a94aa1aca3d74e2d896ff3e08923b6867f7147c346209e9a0d8aa1f3c15df7533d3b7685b5ad33db7a0fcc0fa852095 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_DFB78462C65FAC2750B89E1A8A1F9A53
| MD5 | c5df55214cc448b9c91afebca5af40b6 |
| SHA1 | 5ad3f492f592bea7c23da8bb4fd925e444820782 |
| SHA256 | 106595f43ced63b4f5e9ee54934f55e38ae2ac599aaf752ed37d8c80d2c8a9aa |
| SHA512 | 7a4cc93ad8c9222e3ca3e515118c7c48abb34cfa00a0cc8389ba5c5412b85fcc06a4e3f6695c66b82ff3c55452f85505d1b5759e4deacdec180f9f89330852dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6a475e9bbfa71727380bf218686b3b8 |
| SHA1 | 78ac25620f3525a82485e4652ba847b64e0085fc |
| SHA256 | e7d1651b142927538b2386f2125160e08ceb640135ec2b4ed4366a8975f67266 |
| SHA512 | 65e24df5457d18d3c23ff3a40bc378266706856081381bf5fb192c0ce28fee5cc2583726b68067e6f40c7a1a8a70e315ab54b0b2aab462654ae6861d653e6a70 |
C:\Users\Admin\AppData\Local\Temp\CabF9EA.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarF9EC.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c7091985f51688d712e801bc3898fe5 |
| SHA1 | 91eebdbb80695f6fd41afa75e2d1b08e06dfa360 |
| SHA256 | 63199538d0f77cb06435c2a390480f4dfdfdf5de474ae6a9a8601abd8b5e96db |
| SHA512 | 24d2bedf382153bd0d52a320d1e736cb14d018f39024cf57c340c693a58ce5a3f3cdf41ecdf561cbbcfabc37c172f11fcb98a71d5b761139526cd2276380240f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 54ccfe605ae487d55364c00b0f95ab0f |
| SHA1 | 2ca3a647df5321de7cd1fe4d79b6282ba99c6670 |
| SHA256 | 1a52a517ebe1d061bc633d31dd29ed3ffd4123b3dc6cd8c48331e321985e8780 |
| SHA512 | d6d08fe3172f383a8195d885dfb453e9c0d6a250a1d07c3bcb1185a87de155ad6e165d7cc9d200df57afdc9fbec4babb146f6a6ab2e938aa0066990e7aeb6a36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2d0cf9e2a397ebc0fd05957689a6a2b |
| SHA1 | 3419240a4bbdef88f12c763ebed980a1eaad5aa5 |
| SHA256 | 1328ada23ba6f4bd013c142562449133a82be8cdff004cd28f9312f79b5d5189 |
| SHA512 | 41dfc76e3fa40f328f695a8f37461b12594cf24912f93fcbf3fd1a1df5f50186384443c6a7d0da3994085681f91a148103556f6892bb3e40e4eef8496c960ebd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8a6c070590aa0ab4306e06e7cf07cbb |
| SHA1 | 23c14d87d3b9f36a5e6a451817d709ef6d39aefb |
| SHA256 | 66095826231855d8b9f4c9b04ed7f0d24b0b4ba4134d14fe5d1d17bebce8e84d |
| SHA512 | 9c8c6f0d1f9dff0a33936137fe883a04f8a82a099b32e7dbaf0f993919f00f35026a1093977fa427a6694557bb11a198fc112a9ed9c98dccce8fdb3d33ee646a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e058b9d7ed657f52ef5571da8031ba5 |
| SHA1 | 3711bd564717363690fc4e1abdff86374007e366 |
| SHA256 | 0c5e1cc2f6c9f506bb08ad3e2bbde7304a018a496443a38a22ec2c57fc8b6cca |
| SHA512 | a28a60b08b450422603d370fdd4afa960bb328a0c0f141a3a31c74bb6c821b4920d89ee6269a102f194c90fcb1436c54fe0e33414f068a92d7ab571a979cc8af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 856497310e0446799388a470529a4b66 |
| SHA1 | 366c865d074d50babaf16ac5765d1eb5949d47d2 |
| SHA256 | 9cfc1726942ba1412eabd18d452b17bf5d9879623859222f2d511cfddd58bcc5 |
| SHA512 | f3cae060edb1b4910651d2f6aad384f884e6aa72da445f36296772884746d377e15714478ac9008840772a35d239c8d141a4cf4acdd37a099f880c944069a69a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | aa5b008b4021fce312b15227d9504f4e |
| SHA1 | 884adbb12152a960675aa03c727065539113cb48 |
| SHA256 | 48e6c7f4a56dd7eb5f55e246b9fb7849f27fe9412b2353a02e825455bd8f8262 |
| SHA512 | b58e3fbc40ce0e3af411b169e1df407a149d83559a1dea99986c4f24de438364bf75336d2c00ffef9a2aabfb743b7831bc5eefe621743bf12df041457b787d02 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea8ae8486c505e1ab8e07df229764229 |
| SHA1 | 8fa7379bfd154437c2757fc400b6fc673d240926 |
| SHA256 | 461180b38fd2814ffabcfc94cc477abf9f710c043d302e1b536dcaf975eb97b2 |
| SHA512 | ded473f8585d7992e8869301587a6c57507800ffadb0d9ffccedba96994cd4a6ea4d78c5d53f42dd7cfabae7387923077fe11f51aedefae92d2fe90c14dbfcc0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 440eb982dd56c854b39d519ed502ac6a |
| SHA1 | cc00aa5fb63fb2ea6d587587d831efde5e8a9f58 |
| SHA256 | 587f832a281cdd0edc90188ba9b59e703b33fbb64329cee8bfd5e77394f0026e |
| SHA512 | 9f548eb7665644966a1440fbcf04538bfef7114344455566cf44f6a9dac776ef71feabd989292ab5b82d145401bee0f46f414f53ed2592f380dc6294462e2f50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | faf45206982e7ab7a7fcce345f25517a |
| SHA1 | 93934cf44d9b376f3803c13e96df58876d4a4bf3 |
| SHA256 | a46945fcd3605080b79397ec1f33d44254abc4ec49f925b8f009db0bc2794610 |
| SHA512 | 60f9347a2400b05644931255a52a80a5a1365c3552db889e9380e13e4593cbd8637fb8f781d4e87541fdff490ddfb9177204612b66968ff402a6d446d2993836 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 722ce7c4bdb869d8bbbb993a58b85508 |
| SHA1 | 2ddc842384a1df69fdcd0f49feb1fe1a92e1d81c |
| SHA256 | 5a6fe56a593c46f582a6c30fc09b76ab48103e558814b957e82e3da47d035d62 |
| SHA512 | 49938cb2a7e3d81a833eacd22aa05b16dea41d7703a767400ebbcbdff98db2627d59bb878e328289b8cce6328b4d507b74d2852e0be3c1aef6bcb04ccd1c2d31 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c77afca235bf22bac9f41dfe2c94dd15 |
| SHA1 | 2cdb52ff97b6baacdd2cb4dc16e08b9fe8334a68 |
| SHA256 | b89c4eca70aefd521572cd91163ec5d29212a62d4276b2dd344726c618a5cb67 |
| SHA512 | e380d60a4f3ca84fb8207121ef44d3811bc5f1ab6d45d713aa6544a26fba401b2dd3fad2568cd374c811647f3763ee0ccfd0c0cd84edc97058a3c1522692358e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc531de89079a4b4a53e64a49d10ee8e |
| SHA1 | 087720dc90760a5afac5f721c983b9a9c141b336 |
| SHA256 | e2a756fbf766f841341a3e69aa18163a39f8e9b2ef8e86f20e083905fa03ebdd |
| SHA512 | 556aea84423f0e7f0d9b98cfa69d17714ac5c2570a17985458874b0374fae98697bf15c00cec2ed9b0e5eb867dce101e3df171f5e8838705d9b2b99cca7ec5ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a255667c29c318895a4f41a6a4de413c |
| SHA1 | e797e23cc9683024d37c3c47218aac386bd7643e |
| SHA256 | 579cfd5bf0e3a5ef055f52167784de68fa429038f33be7c8d4ed1ba962cd0e81 |
| SHA512 | e680aadcc5627cb04e62c46da5e051ae6c76ce70b5ee2c33755fe16eb6312a5021764adcbf3ff49f6f0ca674f85ec5e55f7aa151ae602616088d8918a4c99399 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c351ead3965dd72e322f37cf20c8d76 |
| SHA1 | ff466723d32aa4a0d5a3e62e4591c66f1697282d |
| SHA256 | c689a6b4c270bfbb97f712b6b156eb67dbd986e178b972ae7a1fbf30eea2e302 |
| SHA512 | 82313eb7c86b4e32375d5a00dabdfbfb2cf5c57546f408443388f8bfd806395ff55f1ca478a86b201050a9727a28f92868dfeaf29358028e39febf16bac9ff65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 62513d12966ea5b2af7261832b088d23 |
| SHA1 | d0829c23ae3fedcc02593ac94edeea62e756d7e0 |
| SHA256 | 73f7e680ccc1c707503379f04661016770f39a1f350bc2644ad9ed6ef1bcb6dc |
| SHA512 | 32d05a0434cb14e5c666e0b38ee3a919b88a553027ef9a9fc6384912805792f3e156ecbe18427190ca584d0043f5173097c7c3950ada8fe3ae1593fba06be1c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 66c77ba2dd2d3c84d65df95299ababff |
| SHA1 | 8a9cee787715ba90f15313138887a6fafce67ba3 |
| SHA256 | 831b69ad8649e1e38980e0362c64843d8b29142c739506b42134b03b303ca644 |
| SHA512 | 20f769a7de5e2459a52f25cc155330a5d66e335f3e141961927e91c20604e9f7f8bd7b74c5c08afb47097d4413f13ba47d512d465b787ebeb71a92791ed056e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05b26efced9b7b38d7101111640b5298 |
| SHA1 | 0d1a653bd77602e40c2d8eafea6945e52f1e104b |
| SHA256 | 12dca8bab000752c6ef2e0e72afb3be397fe02a5d4fb485d9dde341e95f07438 |
| SHA512 | 0214c6566808505a997a50d724b69479561f6bf926b8b900d2baa94aad83a5533e7041b4be284d7c1338e3131f68509ae805c1f51879f0640583af6b1f68f909 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 971735d7026e6745e0fda263ee1fd68f |
| SHA1 | 1852cca7180a5c4d89545f8415e8c79b0a62e691 |
| SHA256 | 99aee8d61d8b4f0316f1722449dcd578fe0c7952aeff2b967fa60ff1a8998bd7 |
| SHA512 | a171c5a7241d6b5fc750468d62c08e4e04c83c643bb1253b9dad9c897c655cca2e5e5de0e2373312edeb2bb7a2738fdc6427dcce2907259b7e7df0d3de19eb73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6511263902bfb08540c924ca09d16476 |
| SHA1 | 60732d0fd0edf0608759471c9f656ec570b6a52c |
| SHA256 | bd28f27d6f13f6b39d86a99c3af4f4e9ab08cbfe22060cf69368d8ee1da887f9 |
| SHA512 | df2dc256de16ca2fd68fa978ea18ba4dd7a01c8644c015c10a8c562aaccbe4986afdea88111ef6e61e85c56a27d403994b8a9214ba7548397fd31d9956f3f247 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f69f8d0cc11d73693eeea914dfa29bd7 |
| SHA1 | 394205f49733e82e69bd872560873ce739d6d5b1 |
| SHA256 | c67d5ca7f8b6283b9091e66e06b58469ef35902259a5763634dd18e6644d49ff |
| SHA512 | 5c4204efa36b3b090c0017fa32791df84c5ab6fbe6879cb7e1f56bb0dbc78687b9063d798a1f2e8d4b147117e4ea718a0f43f69f470c740436c22bd0eca9ffbf |
Analysis: behavioral2
Detonation Overview
Submitted
2025-01-08 01:08
Reported
2025-01-08 01:11
Platform
win10v2004-20241007-en
Max time kernel
145s
Max time network
143s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
| N/A | sites.google.com | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_82caf238d0a049df56cbc5e727e70575.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbc8246f8,0x7fffbc824708,0x7fffbc824718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10771055148783737481,4012732613177856915,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10771055148783737481,4012732613177856915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,10771055148783737481,4012732613177856915,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10771055148783737481,4012732613177856915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10771055148783737481,4012732613177856915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10771055148783737481,4012732613177856915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10771055148783737481,4012732613177856915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10771055148783737481,4012732613177856915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10771055148783737481,4012732613177856915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10771055148783737481,4012732613177856915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10771055148783737481,4012732613177856915,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10771055148783737481,4012732613177856915,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | sites.google.com | udp |
| GB | 142.250.179.233:443 | www.blogger.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | tcp |
| GB | 142.250.187.195:80 | fonts.gstatic.com | tcp |
| GB | 142.250.179.233:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| DE | 157.240.27.27:445 | connect.facebook.net | tcp |
| GB | 142.250.178.14:443 | apis.google.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.16.225:80 | 3.bp.blogspot.com | tcp |
| GB | 172.217.169.14:443 | sites.google.com | udp |
| US | 8.8.8.8:53 | www.autohits.vn | udp |
| US | 8.8.8.8:53 | www.checkinvietnam.com | udp |
| US | 8.8.8.8:53 | www.v8link.com | udp |
| US | 8.8.8.8:53 | linkon.org | udp |
| US | 8.8.8.8:53 | www.moreusers.info | udp |
| US | 8.8.8.8:53 | www.floristslinks.com | udp |
| US | 8.8.8.8:53 | backlinks.vn | udp |
| US | 8.8.8.8:53 | www.21sme.com | udp |
| US | 8.8.8.8:53 | www.enginespy.com | udp |
| US | 8.8.8.8:53 | www.scriptshead.com | udp |
| US | 54.161.222.85:80 | www.checkinvietnam.com | tcp |
| US | 76.223.54.146:80 | linkon.org | tcp |
| US | 172.67.179.118:80 | www.v8link.com | tcp |
| US | 104.21.48.1:80 | www.scriptshead.com | tcp |
| US | 104.21.16.1:80 | www.scriptshead.com | tcp |
| FR | 94.23.77.62:80 | www.floristslinks.com | tcp |
| US | 172.67.201.183:80 | backlinks.vn | tcp |
| US | 104.21.112.1:80 | www.scriptshead.com | tcp |
| US | 104.21.74.72:80 | www.enginespy.com | tcp |
| US | 172.67.179.118:443 | www.v8link.com | tcp |
| FR | 94.23.77.62:443 | www.floristslinks.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 8.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.48.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.179.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.16.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.112.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.201.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.74.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.77.23.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.222.161.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.54.223.76.in-addr.arpa | udp |
| US | 104.21.112.1:443 | www.scriptshead.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| DE | 157.240.27.27:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 142.250.200.33:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | www.phimmoi.net | udp |
| GB | 142.250.187.195:80 | fonts.gstatic.com | tcp |
| GB | 142.250.187.195:80 | fonts.gstatic.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | tcp |
| US | 69.53.224.115:80 | www.phimmoi.net | tcp |
| US | 69.53.224.115:80 | www.phimmoi.net | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| GB | 142.250.200.33:443 | lh6.googleusercontent.com | udp |
| US | 8.8.8.8:53 | widgets.amung.us | udp |
| US | 104.22.75.171:80 | widgets.amung.us | tcp |
| US | 8.8.8.8:53 | t.dtscout.com | udp |
| US | 141.101.120.10:443 | t.dtscout.com | tcp |
| GB | 142.250.178.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 104.22.75.171:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | 171.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.120.101.141.in-addr.arpa | udp |
| US | 104.22.74.171:445 | whos.amung.us | tcp |
| US | 172.67.8.141:445 | whos.amung.us | tcp |
| US | 8.8.8.8:53 | whos.amung.us | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c2d9eeb3fdd75834f0ac3f9767de8d6f |
| SHA1 | 4d16a7e82190f8490a00008bd53d85fb92e379b0 |
| SHA256 | 1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66 |
| SHA512 | d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd |
\??\pipe\LOCAL\crashpad_2060_XGQAEHZHEACLHYEB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e55832d7cd7e868a2c087c4c73678018 |
| SHA1 | ed7a2f6d6437e907218ffba9128802eaf414a0eb |
| SHA256 | a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574 |
| SHA512 | 897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8d8aecc9f4fcf05ce28ef1da1330f5b5 |
| SHA1 | ef51b840c94f748b1c33124031be377940dfa87b |
| SHA256 | 450f3cd4b2080a669d778d3cbea4008a8110b418802dd23e4d89b4f5d5c9458c |
| SHA512 | d2d18b067fa438d335a2df544216c5420c0047425944bf62cb00fe136c1bc11c1b426ed20336f257ddeb5756ea039b8629f75fbce3883d8a40f7dc4a384abc15 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 64f2f4d32ae761e31f3244964b24a7a9 |
| SHA1 | 00b1e1ce6962ca87e90199d006fb8192c10d94af |
| SHA256 | 311a1e65483068470d4dff3771f4ff0d7003cafd18aa7492494b18ee1c64f925 |
| SHA512 | 7c5a6e5625d62b1251862b5f60ab6ba71ee15a87e10725f0ff0493db3b1a66a4f102cb6c71e190052f055a8de9bc241870a9a66ee73247de8491bef26e987db9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0040f2c6-a072-4299-9432-2fe403fbf8d8.tmp
| MD5 | a381bfb249846a08fc6f5cae30b59bc7 |
| SHA1 | c086ec13f805bc5b64ef1633ff91827910f29abd |
| SHA256 | 9775a09683e5fe992ac7056621451d4bda3dae5437962f3ca4d7f2559d1e3d62 |
| SHA512 | c7a2d3792448a02e38d26fa26037b22e9156c1e31b0505315bde9f6517d065f6c5dc0dca69e23b34f3d79d08193338d7853dc388bf5bb4b36ba191abc4cb230f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 656dc6583693a2d304bf1e67243d78b7 |
| SHA1 | acd0c04c6250aa218ab10e856465d763e93a97d2 |
| SHA256 | a791e939cafcc2e0ec339495ec6edf790f2b042c095c7ba4ac336d130a95b7f9 |
| SHA512 | dea024f60f758c6af46d2e4d14a341f6fbabcd93504075be8ca2922a89f1ebad91f553bcedd67af7168f389e935f3ed1b6258ef1aeaf02a0823e4b3483c32efa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9bd23be9b84d29b9b22efd047c7b7b0b |
| SHA1 | f00082585fe1ba8ab3ef7209fd70859d0a60b286 |
| SHA256 | fc37dc572895a292281950a5bbf7da1dd0bb7c0ee4f1e62b55f5855c599272ba |
| SHA512 | 7b44fcc0a563f1e9c6608eb318864f92797899178bdf1accfed41b388054ab842c0e3d07d55721931a0a4a49e4a16a83bfa0f25c8fe55033fc732ec342e92677 |