Malware Analysis Report

2025-08-05 19:12

Sample ID 240330-f4h26she3y
Target 349d13cf9e252ed7313f079df6ca3d38_JaffaCakes118
SHA256 eebf96ca44a9e6cad8600fd81ffab13f75606bd6e19b4a6a87b4fe26a319d6fc
Tags
ramnit banker spyware stealer trojan upx worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

eebf96ca44a9e6cad8600fd81ffab13f75606bd6e19b4a6a87b4fe26a319d6fc

Threat Level: Known bad

The file 349d13cf9e252ed7313f079df6ca3d38_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

ramnit banker spyware stealer trojan upx worm

Ramnit

Executes dropped EXE

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

UPX packed file

Drops file in Program Files directory

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-30 05:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-30 05:25

Reported

2024-03-30 05:28

Platform

win7-20231129-en

Max time kernel

133s

Max time network

130s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\349d13cf9e252ed7313f079df6ca3d38_JaffaCakes118.html

Signatures

Ramnit

trojan spyware stealer worm banker ramnit

ACProtect 1.3x - 1.4x DLL software

Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft\px1E1C.tmp C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
File created C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EDBA79E1-EE55-11EE-8951-5E4183A8FC47} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e05cc4c46282da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "417938200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d0d4000e6d4b3148b62ef0685b173585000000000200000000001066000000010000200000007808b3942c7656bf666006e2fb5f00233f5b95759d8a5aa5201d6e7a97e7fdaa000000000e80000000020000200000007ab9369babe81de7c886f1fa5cf89b8f5e685b70b203d5212435f69b03d8096c200000002ba817716706a7cce3099929200f047c3aae271078598acb91ebd1d74e122c3a400000002a04b6abd28f713996aa2610b2bc4a6d031a34d884938f3b4ab2de16684c4952c07749295b8922b987cddb91214aac60918eeee2f338cfc33944282388c39c65 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 948 wrote to memory of 2164 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 948 wrote to memory of 2164 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 948 wrote to memory of 2164 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 948 wrote to memory of 2164 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2164 wrote to memory of 2892 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 2164 wrote to memory of 2892 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 2164 wrote to memory of 2892 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 2164 wrote to memory of 2892 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 2892 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 2892 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 2892 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 2892 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 2624 wrote to memory of 2472 N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2624 wrote to memory of 2472 N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2624 wrote to memory of 2472 N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2624 wrote to memory of 2472 N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 948 wrote to memory of 2828 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 948 wrote to memory of 2828 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 948 wrote to memory of 2828 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 948 wrote to memory of 2828 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\349d13cf9e252ed7313f079df6ca3d38_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:948 CREDAT:275457 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\svchost.exe"

C:\Program Files (x86)\Microsoft\DesktopLayer.exe

"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:948 CREDAT:603141 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 count38.51yes.com udp
US 8.8.8.8:53 www.dzjjw.gov.cn udp
US 8.8.8.8:53 count38.51yes.com udp
US 8.8.8.8:53 api.bing.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 2.18.66.177:80 www.bing.com tcp
GB 2.18.66.177:80 www.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

\Users\Admin\AppData\Local\Temp\svchost.exe

MD5 89d24a7cd27bb7cd313f89cca3e58fdf
SHA1 bb37aac9a7c0ab0d6f0a615439eeab1cb0f506ae
SHA256 4fb94001ce7961d61558c6f273b9a25e7286ff6c8e9a6eebac6576406962a38d
SHA512 0f25c6f4fbbd925ca3110ba26e638c72c8d1200dff98ac1062ab27fcc1259f6d6e0d0eaafd51fc83eb1ea36177bfbcd35a73351d13335fbd53c1c65f0c6be68e

memory/2892-8-0x0000000000400000-0x000000000042F000-memory.dmp

\Users\Admin\AppData\Local\Temp\xcl1DEC.tmp

MD5 685f1cbd4af30a1d0c25f252d399a666
SHA1 6a1b978f5e6150b88c8634146f1406ed97d2f134
SHA256 0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4
SHA512 6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

memory/2892-11-0x00000000002E0000-0x0000000000353000-memory.dmp

memory/2892-12-0x0000000000360000-0x000000000036F000-memory.dmp

memory/2892-24-0x00000000002E0000-0x0000000000353000-memory.dmp

memory/2624-27-0x0000000000400000-0x000000000042F000-memory.dmp

memory/2624-30-0x0000000000230000-0x00000000002A3000-memory.dmp

memory/2624-31-0x0000000000360000-0x000000000036F000-memory.dmp

memory/2892-26-0x0000000000370000-0x000000000039F000-memory.dmp

memory/2624-25-0x0000000000370000-0x0000000000371000-memory.dmp

memory/2892-14-0x0000000000400000-0x000000000042F000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar35E5.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c90e0b0a64bc8781417535ce0fc4f4e7
SHA1 b233ce99af915cbff5b05d5d5a47635476988b3b
SHA256 013cc4d092678993485c02db487b1e0363da05914a9c7a10b1fd73568e963f29
SHA512 ebd95dc13bed2f377d432d1ffdc2e320d31ec6b53ebd5e7b0c0cf0af6269d4ef40cf83b9d90e09945676700112191257e8b0ad6c73169826ca6c96f2a7af132f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e1501c8357348a141cde96c2c4b40a36
SHA1 15e0c64007b031bcb9a99568e9318d14a3ff5a7a
SHA256 0ef18e60ec75cf63cdcc9cd4eb6aef447f736857e6a5ebffbec8adf34aee3744
SHA512 86f8c0a9b1359b448d4b6bdea92dce335de5690fd1c8ef34ee0e2b6eb9122a15694abbff9a982f8228dd0056d5699a28f277495362757c978d3a35086c9c2ab2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 d68c66a4535826e950035465938b07b0
SHA1 42b6f3819240cfa8ad416f5b2c423b1db8726c67
SHA256 299d97f156f70e5d80dbe886a13f9532c4786b64ee26d7f5166b96b9ab93b2a4
SHA512 00827306fa520201e6bf98351ea050bdd6bbe5bcb0692fd9e8782c70f78acd5c98b538faab7e81251cbfb73336f1760228ca4e34474f0d58c5af3b1cadf4611f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e982bf93c5989f4bbbd4d8070b50355a
SHA1 17bc424caa8426b24fb582da5d061e5ab6dd2258
SHA256 9d92dcc96bb6f10f27789185fab794baad0d330d83e740f4274c08f2d439b88e
SHA512 c1f78763e40721d9d1f8e3fd7ab18a81dea345757855e1cedd2dc3a265577d31cf0bd624f965794274889a91f21b5ade641220785ac0817395c67f5ff6caca46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ce4972ceb685e30f15f152c51b2b4f3
SHA1 3dc01a6469125a1d13de37aa6750e9beb7fda3cb
SHA256 4252fa27d67354c7a7b7571f26a94a3b9d2989b90be1a28beb630305ae88ed09
SHA512 2f444b87ea4e98501390d67fc7350c430588b1a1be3ab0a113d8c6cc7f4c42ee69341e0c0500ddf3afecb97a53bd5cc3cb57a043e924bf7fdcc44a8f19e2a386

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0e3f11fda3abbf5c76f53572c8dc889
SHA1 e339dc4f02e65b007bf1014632478662d3660207
SHA256 edccd5bcd6df95a9b2a9e8ef60311ff562b04d364e1ea27ab829e9f5e0c3ce6a
SHA512 5fb3360d11900c6008f7107a017cbb879c086d085bad5189b04649637dc6f43e351f38ff5cb9bf5cd976ce55293f8e8b7f02da0488630a8fdeb83fb43311da55

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe2fba441fc84ea8cd18545d688d773a
SHA1 89d9291de0caa5e0b3c1734070030b8a9cf082d4
SHA256 53fe7ffa7ef93441bc9b9dfcba7433d796adac5029fd04898a651c315a220498
SHA512 7f59e7d28218dc0e015ff2bfd68c58c20c1e42213edd8d10100f7028423e72b15689b65b0f8f38a633dd478f93bac08e64d856f3fee3947a19c096ae994a9501

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 687aa9c573458f733f2933c140ae5038
SHA1 739a8b9fb3b5c27c2404ed744cce75e1c4501c8f
SHA256 5681f73c8cf1368831d650a98c873775d658f0aece5093ca26f4d46e320ae777
SHA512 910c3674f78288a5e33db6979419c64ae43527bca562b7c5197fc9a1eb0d29dde6c3e809f1c77b473a2d2f52607382d3e600dd5b608bc5c61d453717791e546d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 d98153bda45f77b32a43eec6731ee8c8
SHA1 301540a149d2ec0264468858282229d62d9a8aac
SHA256 138c6921ce24d8ad44346b7b14eac2a418393509ea7fc0e4cb38c32f80500321
SHA512 5e498bc62fdcb53eacb9e61f45a850628cbd868f2b7e9f306ee7486cb370a3980e97a3582aa17509cca9385e9a89856825fd629040acafc592dfd38718777991

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89c3671907852ff80ef3a59fe126a432
SHA1 e1df74d92999e8b127b8ae7d6628779535781473
SHA256 af8147b77fc4d268be76a4f3cb7d37dc63411746549a4bd2f966c82c4f8456fd
SHA512 74fe274cd93165450fba1bf39d14db9e5d68fb68a27ea15aa8369dc8e0fc8e7e7554d9568c2c7ced37d01a4dec21a881cce6b8a77accd2c9746a4d14baed5916

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6e1a4d6b58bbdea4f8739b2dea2e131c
SHA1 df9d9a2308c956149a3955bf322a03aca0389f7f
SHA256 b7f5a888791641f17de2d29a2223aebed2e16775d6ae98db038ae579a532e0ee
SHA512 f419c607030f0ad354898bf76b2c8f2a88485de0db86b6053c26add4dc8b010544e303bda0383ad30824f605b4982fcf2c765e626acc73ad410b8e17fb06b921

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

memory/2624-615-0x0000000000360000-0x000000000036F000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64fdaa5418c533d6773ae6d123cb480c
SHA1 d828d6d36e92c2d90df3f94e5d232dbbf99dc383
SHA256 ed8d7dd2428b4319b0dcfb999648343407519f28eda63012e0d812b2b3ee60a4
SHA512 ae40c7f1dad207c382a541f4e94f93421d40501ff349d289c90847b37cddbea83bc389c50b0f6fac27df064690b5f754f64040d888d35954017b60744037438b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b4f40ca176a7be2f888228aa95b5d82
SHA1 b02a9220ed731eea59f4f48ec69c4151107c327b
SHA256 c886f495b4c35a9284b29db3e2476885142b5d3d2e08ebc21e28089624bf810f
SHA512 fabef12a8c764cac288ad9f081a8e79c24da76077be1b750bb39834fae0913f8c2d9981600b9f22f1bc7c9920515906de69ebd9dfa7e1cbd1315ada19fc4e426

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b49e0c819d30b0359c089862f1f20eb
SHA1 fbfb4ee2976c5ca410760481207f4bc7e22cf1a1
SHA256 47f8f51851c08e22ebe3251652ca0821942af24c4abe39fd9b6b93c95591260d
SHA512 8e6b84f80c37ee272ac94b56f0ea663f1f11a6f6de93555e3e2e6a219084254be120b5b6fa46844de002f0d0a2d1e802ae965c83345efdc6082493f6c34200c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e4406b9b3181116f3528c4529c15b21
SHA1 ed5bdb3497720980ae4a4928dfbfad233f1effe9
SHA256 ebdb16cbe87daca90b635f038539424d2164ea1b1320bce4a21b32ee0292ab98
SHA512 9a09d7c62ef4177123210bf3ae80fc74cf89faf1b82da7a3d98b76da2a53ea8c6959b0458cf701623d5bb0a2980266b127b14e37639f6c6da17d08b7ac8b4b82

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be3525010afd96d6cd0987ace3edafb3
SHA1 9ae3283b35d63d923b07397ea79441f9900b9d36
SHA256 d4a0b6c36a232684c4f294a5c11fd6e2979e92c5236193433685464303757c6f
SHA512 10d5b84a8e1910b216b61b88896c39b00c82294103b75efcd472c4d231ff5eaf9d57940e543a362b78f098231321b801ba67e603ed429ac5a1bc1e9caebc500d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 937420ff89f4657f82642472d1c20960
SHA1 e89198d1fb07625e66360764c5e7b2483c1d21c6
SHA256 63d74755a29ff0b05ba526e3a89b4e84f01f271fc54abfbe1e86ab5a605048e2
SHA512 d7020d38b8f6221c96015da3dcfd6d4b8f1b095e6c48ff913092f468c7ea63e41f7ba15e78eefed464ad53a77c54cc6ef2a8c46a61fbed6b32654fda36fed326

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5614adffb4ec92d95b63b19437025828
SHA1 72d88d711d31a5b0f1a041970aea823facced9ec
SHA256 c77dbc235f1c93a1ced016cc3d21c90d77359ddd8184d7fdc9306f681f11a9ad
SHA512 00e791a6226f80983eb327911631a0b8a16fb59aa81a48be2a2aea79675643d1c771a89439d462afd4fe365960d1afcb517bc6d284a3fc6378d4d1ef204ea959

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e97622631a1b0989f17e24623a8d6033
SHA1 1dc15fda8c0c7977777464e862f6eb4b0a928e80
SHA256 019a2b8eacd301f44ebdef75e6be53ae366ebbaef317a7d5dc8e0788f74eb522
SHA512 34fe7f41f0818f485b89c680245552781518e401d0e11aabaa55af71c422a13d72f0642228b3bb01239404f73a1e9de0adf76380554dbb25598140350523f862

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ddc443971a552835511ea70cc5214447
SHA1 08f373727acad513215d3a135f01a474d4094e2f
SHA256 b6cff46986fb8ed770f2b09d0d4e37006e9816464d30dbf3a2f6a244364fe542
SHA512 3be1d14133b3e6c00b55b0467f371eb399dd45cce4f0dcd6964e0760ee6773cda57015c604cf62dd9aae713657945edbbf4925a90f1fdce9102e0ca72ed25b16

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 599fce7f865ec048259ddd61cc335bc3
SHA1 8cd044dda134d711b6f4b77a1571892612e483d6
SHA256 1b9fe513b4f14255729d00d367044579a4f94d3f9e41e696acfcf0dd2d0250bf
SHA512 802ee7a246839db8e268fe2ead65143ee0bceb1d467588ae35722d3931b00ebe3b6284d95c47627d31d2886e1b1fa2905fbec9725d50fecc014ca5a4d0f82a5a

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-30 05:25

Reported

2024-03-30 05:28

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\349d13cf9e252ed7313f079df6ca3d38_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\349d13cf9e252ed7313f079df6ca3d38_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4932 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4640 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5716 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4624 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4828 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 count38.51yes.com udp
US 8.8.8.8:53 count38.51yes.com udp
GB 92.123.241.137:443 www.microsoft.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
GB 88.221.134.17:443 bzib.nelreports.net tcp
US 8.8.8.8:53 152.33.115.104.in-addr.arpa udp
US 8.8.8.8:53 228.69.165.172.in-addr.arpa udp
US 8.8.8.8:53 137.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 hm.baidu.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.dzjjw.gov.cn udp
US 8.8.8.8:53 www.dzjjw.gov.cn udp
US 8.8.8.8:53 www.dzjjw.gov.cn udp
US 8.8.8.8:53 count38.51yes.com udp
US 8.8.8.8:53 count38.51yes.com udp
HK 103.235.46.191:445 hm.baidu.com tcp
US 8.8.8.8:53 17.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
GB 142.250.178.10:443 tcp
US 8.8.8.8:53 41.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 count38.51yes.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 hm.baidu.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 23.44.234.16:80 tcp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.189.173.21:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 21.173.189.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 13.107.253.64:443 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 104.86.110.105:443 www.bing.com tcp
US 8.8.8.8:53 105.110.86.104.in-addr.arpa udp
US 8.8.8.8:53 218.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
GB 2.18.66.74:443 www.bing.com tcp
US 8.8.8.8:53 74.66.18.2.in-addr.arpa udp
US 8.8.8.8:53 153.141.79.40.in-addr.arpa udp

Files

N/A