Analysis Overview
SHA256
17dace74c4170090b93900ac65c7c0164e9526ccd7453f40a86f194f5efbe67f
Threat Level: Shows suspicious behavior
The file 55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
ASPack v2.12-2.42
Adds Run key to start application
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-18 16:46
Signatures
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-18 16:46
Reported
2024-05-18 16:49
Platform
win7-20240221-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\copy55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\daydaybuy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe restart" | C:\Users\Admin\AppData\Local\Temp\55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{46069AF1-1536-11EF-AC06-EEF45767FDFF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422212700" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000006db201ff129fd3ad8d5735ef24e4b2d57a0202bc201f01dc12a98454a053bb31000000000e8000000002000020000000e02d6de6e7c166e6379a0cfaba681c9a40b2267f8c53c7daa83414a1abaaa2052000000088499d284c46cbb412435a2af9e6425a71a5dd6deb5121f06cb9a0647c62776240000000103f49fd2fb06b470f94235765843e7fdea13a9c4a9a8a3d1366e7ff66456e2f3e5a711b472d96daebbcebfcbcefd446aff87e52e6fa29d55d5c47bd6f0a0b16 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0402e1b43a9da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\copy55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\copy55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\copy55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\copy55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe" C:\Users\Admin\AppData\Local\Temp\copy55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://jc.110160.com/ad.htm
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:584 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| CN | 58.218.211.12:801 | | tcp |
| CN | 58.218.211.12:801 | | tcp |
| US | 8.8.8.8:53 | www.safejy.com | udp |
| CN | 58.218.211.12:801 | | tcp |
| CN | 58.218.211.12:801 | | tcp |
| CN | 58.218.211.12:801 | | tcp |
| US | 8.8.8.8:53 | www.bobo.com | udp |
| US | 8.8.8.8:53 | jc.110160.com | udp |
| HK | 156.237.219.230:80 | jc.110160.com | tcp |
| HK | 156.237.219.230:80 | jc.110160.com | tcp |
| CN | 59.111.137.59:80 | www.bobo.com | tcp |
| CN | 58.218.211.12:801 | | tcp |
| CN | 58.218.211.12:801 | | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 58.218.211.12:801 | | tcp |
| CN | 58.218.211.12:801 | | tcp |
Files
memory/1908-0-0x0000000000400000-0x00000000005C1000-memory.dmp
memory/1908-1-0x00000000001C0000-0x00000000001C1000-memory.dmp
\Users\Admin\AppData\Local\Temp\copy55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe
| MD5 | 55c2ed15ff8d8e0c5f99b0eefaf2b94d |
| SHA1 | ad0c08553445733ebf3e4cfbaf2264b7aa22cba0 |
| SHA256 | 17dace74c4170090b93900ac65c7c0164e9526ccd7453f40a86f194f5efbe67f |
| SHA512 | 961fc6d66a7431d318ff75cd3b7d6fc862500c39a02a94b9a92af97ce0d1310a0550d68121523ffcbcdef30f4c9422724d933b064e25b3e9dbe83667c8237f33 |
memory/1908-8-0x00000000052A0000-0x0000000005461000-memory.dmp
memory/2800-10-0x0000000000400000-0x00000000005C1000-memory.dmp
memory/1908-11-0x0000000000400000-0x00000000005C1000-memory.dmp
memory/2800-12-0x0000000000400000-0x00000000005C1000-memory.dmp
memory/1908-13-0x00000000001C0000-0x00000000001C1000-memory.dmp
memory/1908-19-0x00000000057C0000-0x00000000057D0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CabDE7.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\TarEE9.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17a452432c923ca5eea8186991d1fb91 |
| SHA1 | 4368d064aa5e482f117bfaeb8fdb4393fde0ba4a |
| SHA256 | c56041110af4b7686112efa1dc88b7ec25cda00996edfc33a0f3c8d443627a7c |
| SHA512 | 1e9745f78184335fd4ceda9565a5b587d917f7b97d7730ee33d37b94fc1b0036e53aefd0aca00444896b3f153aec1571b7831f822414a7722506b343c56bfe64 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76ee52882f5863fc595d105123bd49fb |
| SHA1 | 34e2b30c09c81b61f499c8ceab0197238be7c01e |
| SHA256 | 3546049fee60604e7fbfba107cca261d965e601cf3164e4a0de2a7ef7287499e |
| SHA512 | c2f18d708b3044303e2ca927680fb4c82aa5d30535d5900058be887911bc7810d7678aa8fdea630aaa9c33318047247e36be8e982f8a63a768ddf35c26eee5c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe59de6451f1fbeed6f2d7c4398edf9b |
| SHA1 | 834d0d7c54393f0503fe4554f0f946a9da277b9e |
| SHA256 | 9209b23e5587d4aadb2451f8b850e2b4e7db859f5db8d3b7661a52e123cef9a2 |
| SHA512 | 776da61d2a2033afea461dcea8f9bd0a80da6d11abad3066ad42734e5e058882673125c36b5b2fd0649a3941d36a177c331e89c41a493575f64edb4016c77906 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3a50dd2f010084fd4ca91530caf5d4c |
| SHA1 | 4ad727b76f3b797a2e06a7103331a47cbac51895 |
| SHA256 | 9c5615ca0ff90d96e7f957ddfb3199a2aa8fedec52148678e9f95bcb802ac4d4 |
| SHA512 | c58fec4ac0068d92b07c3f511f40b999b026cc7b229fcc352607a98219b9a73e37617a8ff10d3475cc9cf03dcf1d3aba8ff9c3b1bb0dfacf46530624c832a43b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2feff1c2408b639a8937e0024c70466f |
| SHA1 | 0e92a9c969fa6ffba7bd36cfffa26b2c378ca210 |
| SHA256 | 606e9ff4f2a760d90b16f6355b6dcf645e33cc84703c65f17e8c5f589cc03a95 |
| SHA512 | 4a366b4d63308741079f81ee44f85e14b2c53ef837243c389b858e7c54e04f49aadfdf5ea66c2f9c464db7fa68163736d6d21cebb244ea979cf3bcbd9e23e453 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d5c9c38e18091da7122000c96027aea |
| SHA1 | 8160c8fa56d937e2a8d661a1af4818bdda44c4ff |
| SHA256 | d4f8a6eb64cf9a955cf7c19e01705999efa7fbe7a4da47def88e4bedcb4ef520 |
| SHA512 | 79935f173f3a2162e808c1cff5b6e4ba1b77a72be08e406212066669dc9be1e037728c25d6ac869a81b44f599265fb1ddfff28425519f7483a2c35e4164bb41a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bbfb3f8702abe5ef5e398219fef2174d |
| SHA1 | ae02b301c518c701a1145fe9e315f445c32dad9a |
| SHA256 | 3978bfba2c4b287bc9c54de31fd337bf1c6673261ec81c84c0913dabb7116c3e |
| SHA512 | c8432cd2f1e27e2750afcc8797ed3f57410ef71c90606a47ed1d1ecc733e9a272fc64adae094bfe6d371cf5d346024fd020cb28c90d743dcd9ebbf103be01846 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e163956a9d8d889160b42506f590cbd |
| SHA1 | 4e18ede749ba5d432aa1f5971347374a2c7b883f |
| SHA256 | 28cf371accd7c791fd3fbc273ba5601a42a24548d93612943e9b82109fa1ff7d |
| SHA512 | 2d2e1567270b6a9f190e8c15c71d19b478589952fc824aa983a8a0fd52751ac62a2e501abed83a290a1c85ca34f21cacdedc97bcdbba0fd7c9d40e3fb161c024 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29ab3b23029668b65b73624d1d9ed65a |
| SHA1 | 7d470faf648cb7e4a764a0e8019219d38c7757df |
| SHA256 | 4ca42e436b3bdc0e0d057f9ebe7f24fbdf025178f6391db4949406e7a03bebc9 |
| SHA512 | 1978eda9eb1b4c0de7e0deb029afd0ed92515880f418daf423c91500e3951a9200c174dff6a1a78693daba8f62419ac65472ec668e3de71b0f8ebbc54cf45d4d |
memory/1908-519-0x0000000000400000-0x00000000005C1000-memory.dmp
memory/2800-520-0x0000000000400000-0x00000000005C1000-memory.dmp
memory/2800-531-0x0000000000400000-0x00000000005C1000-memory.dmp
memory/2800-534-0x0000000000400000-0x00000000005C1000-memory.dmp
memory/2800-538-0x0000000000400000-0x00000000005C1000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 151a21658cb09901f2fd9cbcf5ff02e7 |
| SHA1 | 39625267b2ecaca0895e0c976d9895a7641ac9ee |
| SHA256 | ec021e4e5a5f3e2757e66df02bd37e9f724e641fd7f31a25fea38a917f7538a4 |
| SHA512 | d2481d17de0e85ba4bf638f60b166d23c38eab42d76d42f88f1b2dea1eda1a868319dbf815d5c8b7bff31a36177334c17138f77c58ee5794016410c5a62b7d3f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36f0e8fae2ad1aa44764625895c70e2b |
| SHA1 | 575728b33869f81ad0b112ddca078fd8a3bf1459 |
| SHA256 | 6624351582bbf8abe020aca96ba909927597ce0f51d5398eeaa53828314bddfe |
| SHA512 | b80886f35b52af2cbe6d8e4342ce2620bdaaa84d6be675d257127764b3b89b47364b50501d6dd34fba28ef05d5d8304bd3e41d22a5a82a7e0b3efc8a8b1a6570 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e03230f3e1dba79c7a0b93b2c8b183e |
| SHA1 | 72a48fdab56ad0a34cc0d49b0eeb72f343f827f9 |
| SHA256 | 86ddeb2c553001abe5a65ca12e3a689aea204a45fd2ec2c57ea0d9893da47698 |
| SHA512 | 140a4374393b45887a027bb5558a3d66b5a4c4395a3dc31267e62000335436779c4a77a0e87cc7554019be1743bcf8eae2c4544a5abd1dc47bf5cde674075400 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac36c9b4e44f46d78849bbe820d8d870 |
| SHA1 | 5531f75052fdc1f0742635a9e9d269deb07ff2ab |
| SHA256 | e6dc60c9c3608cfcf1adb8fbc752aab7d9a467facc07cba014718e938c38b27f |
| SHA512 | c06e2da729c6f32ece03ffc0f436c5cd92512c22d329efc60035c49b850d1591037f15f7e5f6946f8aab4d73f73796943bdce34203e14a2c32c7da61e760f949 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b466f4fba837fea7d66f7a90fb52901 |
| SHA1 | 0d5774725c5a0dd4bc763aa43c3563aa0547beac |
| SHA256 | 5ae4beb738fd0ef2143d2253bad4d50eed2c4ce8f059d40866000e2d4010a776 |
| SHA512 | 3c7115b82a37bcaac75355d8d8efaccad31fe36235f7390699d0e5a19eb7fbc61847cb16e1363de86c6154e219fa06dcc485c7b6cee52917987223b0fa11c183 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1045923ca453f6a4c9e93845b58c2c9 |
| SHA1 | b6a66868dfccda790d0750117fdd8c9d8a36edc5 |
| SHA256 | 22dd93cad346915de2d6e802b3c7bade6be24aa732b090497a921b3aedeeb66b |
| SHA512 | ce9ee93f35a0c6a151b032e9ba83cbca36ed02252b0a626da626ac96f8ce21fff62ceebd2191716eb85a8887d744b575d2ad99db0e0997b69a0f041333c9fa75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59af5c5a984f998dd8a5e311461186b7 |
| SHA1 | 906155b31083e3391849d22cf582ada286256148 |
| SHA256 | 6d8e2d850c3dcd32cd5ccdd3e78563ba3a9ef146292bca2f0035f07d5af2636c |
| SHA512 | 5a2640610fc4bef5bd316a41bec1bacab072b5ed7b479f0237f1bea675e197f1961cef6160ee33e10abfee754d18d0c89c6c65767b5aaebf728bb98a5aa03a4b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 853490c13dedbd1dff1aab3f645195cd |
| SHA1 | c283864e902ad86bdb85063cab8af63aeaba9655 |
| SHA256 | d215fd70a92dc1a4a5a37d03ed92eeeb0362bc6795bc67d4e4ae50c9767e3e93 |
| SHA512 | 95613ed540340ab8e06bf1a8adca06f6626bd55b59a1fc4f17e1ff0bdb2e80c117b9f85e98a3cdba465b7386c1fda770dd6b6e2c014fae997016d2296672ca27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7c6d9d9ad89676ce4fce01b0e32ca3f |
| SHA1 | 4ae11baea4f0f23f52c60f2ef803423111b1aa7b |
| SHA256 | 43cfab421df28e10df1cf28f1b0d5125ff49f6c0b98805ba2c486357e160cded |
| SHA512 | a2825f458f6b624750eb7d59cf88f6efc18bbca1a434d8a86f6de25d32db2c8b42855a10a3c33065da877ef5ea28b144a484aa5ac75eadc6d0d1d31d207cab6f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 300d6d4a930c196b48d937d72306c52a |
| SHA1 | ffefa4586868842911d87a4f61a8ca6ee4cc6e54 |
| SHA256 | 8cb1f81bad43ca33fbea0bb224b2134066effad0d16fa5f88a2b072c1dc425f4 |
| SHA512 | 0e27551506e420fb6950ff14d73c08c7df958c0fc7a9c7d7205d24bd02a9772410e71d49da619f7249d65289c99532a42450ef7ed25ef034006ca20f2acaa0e9 |
memory/2800-1020-0x0000000000400000-0x00000000005C1000-memory.dmp
memory/2800-1024-0x0000000000400000-0x00000000005C1000-memory.dmp
memory/2800-1026-0x0000000000400000-0x00000000005C1000-memory.dmp
memory/2800-1030-0x0000000000400000-0x00000000005C1000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-18 16:46
Reported
2024-05-18 16:49
Platform
win10v2004-20240426-en
Max time kernel
146s
Max time network
151s
Command Line
Signatures
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\copy55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\daydaybuy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe restart" | C:\Users\Admin\AppData\Local\Temp\55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\copy55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\copy55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\copy55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\copy55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe" C:\Users\Admin\AppData\Local\Temp\copy55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://jc.110160.com/ad.htm
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4aab46f8,0x7ffe4aab4708,0x7ffe4aab4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1643924717695742388,2040107421608116269,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,1643924717695742388,2040107421608116269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,1643924717695742388,2040107421608116269,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1643924717695742388,2040107421608116269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1643924717695742388,2040107421608116269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,1643924717695742388,2040107421608116269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,1643924717695742388,2040107421608116269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1643924717695742388,2040107421608116269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1643924717695742388,2040107421608116269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1643924717695742388,2040107421608116269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,1643924717695742388,2040107421608116269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1643924717695742388,2040107421608116269,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5268 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| CN | 58.218.211.12:801 | | tcp |
| US | 8.8.8.8:53 | www.safejy.com | udp |
| CN | 58.218.211.12:801 | | tcp |
| CN | 58.218.211.12:801 | | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| CN | 58.218.211.12:801 | | tcp |
| US | 8.8.8.8:53 | www.bobo.com | udp |
| CN | 59.111.137.59:80 | www.bobo.com | tcp |
| US | 8.8.8.8:53 | jc.110160.com | udp |
| HK | 156.237.219.230:80 | jc.110160.com | tcp |
| HK | 156.237.219.230:80 | jc.110160.com | tcp |
| HK | 156.237.219.230:80 | jc.110160.com | tcp |
| US | 8.8.8.8:53 | 230.219.237.156.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| CN | 58.218.211.12:801 | | tcp |
| US | 8.8.8.8:53 | 18.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| CN | 58.218.211.12:801 | | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| CN | 58.218.211.12:801 | | tcp |
| CN | 58.218.211.12:801 | | tcp |
Files
memory/2784-0-0x0000000000400000-0x00000000005C1000-memory.dmp
memory/2784-1-0x0000000002390000-0x0000000002391000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\copy55c2ed15ff8d8e0c5f99b0eefaf2b94d_JaffaCakes118.exe
| MD5 | 55c2ed15ff8d8e0c5f99b0eefaf2b94d |
| SHA1 | ad0c08553445733ebf3e4cfbaf2264b7aa22cba0 |
| SHA256 | 17dace74c4170090b93900ac65c7c0164e9526ccd7453f40a86f194f5efbe67f |
| SHA512 | 961fc6d66a7431d318ff75cd3b7d6fc862500c39a02a94b9a92af97ce0d1310a0550d68121523ffcbcdef30f4c9422724d933b064e25b3e9dbe83667c8237f33 |
memory/764-35-0x0000000000400000-0x00000000005C1000-memory.dmp
memory/764-36-0x00000000022C0000-0x00000000022C1000-memory.dmp
memory/2784-37-0x0000000000400000-0x00000000005C1000-memory.dmp
memory/764-38-0x0000000000400000-0x00000000005C1000-memory.dmp
memory/2784-39-0x0000000002390000-0x0000000002391000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ea98e583ad99df195d29aa066204ab56 |
| SHA1 | f89398664af0179641aa0138b337097b617cb2db |
| SHA256 | a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6 |
| SHA512 | e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f |
\??\pipe\LOCAL\crashpad_1964_YMDBTLWEIKHRACTQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4f7152bc5a1a715ef481e37d1c791959 |
| SHA1 | c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7 |
| SHA256 | 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc |
| SHA512 | 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1d762e31419778c19136e10fbe23f6f6 |
| SHA1 | 1340d1a41a850a0c779aae3d26713669557d2e9e |
| SHA256 | dc2c0786fc45e458df2a5ea9caf37aaf12199223f77b8b3e0109b235c76b1e82 |
| SHA512 | d5ca3c6cbe288c6b97f814e6fac930e59874221541bb16fdfba3e2668360a601d3d981091a60c03144324f4fbab4c735ed5136300e3bd1aa87a2143236b2fc8f |
memory/764-78-0x00000000022C0000-0x00000000022C1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
memory/764-92-0x0000000000400000-0x00000000005C1000-memory.dmp
memory/2784-91-0x0000000000400000-0x00000000005C1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 77f1a48ccba743bc3acdf37bb42883e0 |
| SHA1 | 71f0cdc475ccd9b70c265410ec1423410621e1e8 |
| SHA256 | b78e09fed4338217a26a95ab8f077fbf52831bb241a21439c822e08053c61798 |
| SHA512 | c2dcc3b2e38c5fe202939af609723eb09e63ad9afba451f09e25b2e582dc520d2f1f499655fe405e7e65a6f0ba0d5b878b924e8bfca301038b743d3d0da23481 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c25c270b8243c1b7ac452edc67ce73f8 |
| SHA1 | 5dbc2119bf4fece5ee533f5d57fabcf460d397dd |
| SHA256 | c2a990d363cd54975cbba5031499f8e4cbc49263713c2bea594c030e672026ca |
| SHA512 | 1c500c035fc0111cf4ec913bedb375107d045bd471528c80960770a8236f7e29a9a5eeda36bc61af3c537200e069f3f71762dc58127e68bc12def06d319d920b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
memory/764-124-0x0000000000400000-0x00000000005C1000-memory.dmp
memory/764-127-0x0000000000400000-0x00000000005C1000-memory.dmp
memory/764-140-0x0000000000400000-0x00000000005C1000-memory.dmp
memory/764-164-0x0000000000400000-0x00000000005C1000-memory.dmp
memory/764-168-0x0000000000400000-0x00000000005C1000-memory.dmp
memory/764-170-0x0000000000400000-0x00000000005C1000-memory.dmp
memory/764-174-0x0000000000400000-0x00000000005C1000-memory.dmp