Analysis Overview
SHA256
eebf96ca44a9e6cad8600fd81ffab13f75606bd6e19b4a6a87b4fe26a319d6fc
Threat Level: Known bad
The file 349d13cf9e252ed7313f079df6ca3d38_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Ramnit
Executes dropped EXE
ACProtect 1.3x - 1.4x DLL software
Loads dropped DLL
UPX packed file
Drops file in Program Files directory
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-30 05:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-30 05:25
Reported
2024-03-30 05:28
Platform
win7-20231129-en
Max time kernel
133s
Max time network
130s
Command Line
Signatures
Ramnit
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\px1E1C.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not preserved in this copy of the report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EDBA79E1-EE55-11EE-8951-5E4183A8FC47} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e05cc4c46282da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "417938200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d0d4000e6d4b3148b62ef0685b173585000000000200000000001066000000010000200000007808b3942c7656bf666006e2fb5f00233f5b95759d8a5aa5201d6e7a97e7fdaa000000000e80000000020000200000007ab9369babe81de7c886f1fa5cf89b8f5e685b70b203d5212435f69b03d8096c200000002ba817716706a7cce3099929200f047c3aae271078598acb91ebd1d74e122c3a400000002a04b6abd28f713996aa2610b2bc4a6d031a34d884938f3b4ab2de16684c4952c07749295b8922b987cddb91214aac60918eeee2f338cfc33944282388c39c65 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\349d13cf9e252ed7313f079df6ca3d38_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:948 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:948 CREDAT:603141 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | count38.51yes.com | udp |
| US | 8.8.8.8:53 | www.dzjjw.gov.cn | udp |
| US | 8.8.8.8:53 | count38.51yes.com | udp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 2.18.66.177:80 | www.bing.com | tcp |
| GB | 2.18.66.177:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-30 05:25
Reported
2024-03-30 05:28
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\349d13cf9e252ed7313f079df6ca3d38_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4932 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4640 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5716 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4624 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4828 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |