Malware Analysis Report

2025-01-19 07:21

Sample ID 240531-1mlf7afd53
Target 88754fabaf53676407280de32a0e254a_JaffaCakes118
SHA256 bc6ef14fc1d83436bf9a058b4e32de4aa0b4138ec8b0d4d03808c5b066cde866
Tags
ramnit banker spyware stealer trojan upx worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

bc6ef14fc1d83436bf9a058b4e32de4aa0b4138ec8b0d4d03808c5b066cde866

Threat Level: Known bad

The file 88754fabaf53676407280de32a0e254a_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

ramnit banker spyware stealer trojan upx worm

Ramnit

Executes dropped EXE

Loads dropped DLL

UPX packed file

Drops file in Program Files directory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-31 21:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-31 21:46

Reported

2024-05-31 21:48

Platform

win7-20240220-en

Max time kernel

127s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\88754fabaf53676407280de32a0e254a_JaffaCakes118.html

Signatures

Ramnit

trojan spyware stealer worm banker ramnit

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft\pxE7C0.tmp C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
File created C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423353833" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2E8AC5C1-1F97-11EF-A499-62A279F6AF31} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2644 wrote to memory of 2568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2644 wrote to memory of 2568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2644 wrote to memory of 2568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2644 wrote to memory of 2568 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2568 wrote to memory of 1948 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 2568 wrote to memory of 1948 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 2568 wrote to memory of 1948 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 2568 wrote to memory of 1948 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 1948 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 1948 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 1948 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 1948 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 2320 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2320 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2320 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2320 wrote to memory of 1548 N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2644 wrote to memory of 2628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2644 wrote to memory of 2628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2644 wrote to memory of 2628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2644 wrote to memory of 2628 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\88754fabaf53676407280de32a0e254a_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:275457 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\svchost.exe"

C:\Program Files (x86)\Microsoft\DesktopLayer.exe

"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:537606 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.6u6v6w.top udp
US 8.8.8.8:53 news.share.baidu.com udp
CN 182.61.201.93:80 news.share.baidu.com tcp
CN 182.61.201.93:80 news.share.baidu.com tcp
CN 182.61.201.94:80 news.share.baidu.com tcp
CN 182.61.201.94:80 news.share.baidu.com tcp
CN 182.61.244.229:80 news.share.baidu.com tcp
CN 182.61.244.229:80 news.share.baidu.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
CN 39.156.68.163:80 news.share.baidu.com tcp
CN 39.156.68.163:80 news.share.baidu.com tcp
CN 112.34.113.148:80 news.share.baidu.com tcp
CN 112.34.113.148:80 news.share.baidu.com tcp
US 8.8.8.8:53 api.bing.com udp

Files

C:\Users\Admin\AppData\Local\Temp\Cab1121.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1213.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d21eed00a05ee2475b9e49081501ed8
SHA1 c2072d1bbf6118199d3ffdabc0b8b1d7f928ffb8
SHA256 46ccda7a3b77b4839607d9f6b7cffd34cec55746a8d0fabc01cefeb04dcb2adc
SHA512 2bcc0298154c2f596194f4c141aa778cc27a8e67b00c3f2cb0421d4f4a7ee44633e7a2abef786082c78e19d44a3aa2d19f19fc2277cfa5d37ce404746222a211

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42d6f94c659b61324502274f694b3b6c
SHA1 3e316bc3a3980c0975f5d152ef7451cd13491575
SHA256 674e023beeac38c3edd4e22afa39581c08ed0a531b95d41d499a7c6ea2ab47b6
SHA512 c028967c13f5e1399216cd81b652da7782250f82c389d81109810629d87cfc91a48116529fd7872a4174f5b7421f9a8792f1d689a9ab30d4e89670dc382727a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 449ed41c2e996c5b4b6fac7109c78602
SHA1 7e68078d81b5e5296d248281a1ac1234be0d4665
SHA256 6cf29269dca7b2483867e638ac47c4eb4f8e62941433807908d6c9c0382408f3
SHA512 3663672bab7f565edef3861e2539900a6f985789e13e48722d5ddbb0f2e2cbeb74beec6a82efa021b15926291bb3a3d947aaeb0054f2a8c2c30e668fd9c4fb0f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 412ca50c1919d320b782c8f28d48fa0b
SHA1 aa0888bc5bf5cd3e7d036336b67e7ce98268194e
SHA256 29d56e407fc793b930393c86d34b084a637117a6488365319872c1d141a20fa3
SHA512 4e5bc3c3148810f0098d9a280860748956db788f45fc9bd32b9572cf6ec084592c19673ad785af25ee65e4fa463e271c47f4218ee0c48fb5bcbb409c2ba7dcaa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ca2d3843e13ba27ea91f855a1d70ffb
SHA1 99d71c458793ca9f82eb17a53182ca43e9683e25
SHA256 6bce14a64c6046b35f87c74174e3f1dd56de0c746af4a5130761562443add745
SHA512 2bb09f7b2ca02fb7f38b6df571cce68e1356c91bd838f4c5f9c8cccec939f787d2b186879365bb8f4292f0d16a1bda2334b8d3d1f8309b5f1ef0f9764419ed6e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fba68488c0757b357f4f1a25ef6b53d6
SHA1 85e399b71a10c5f0121ac2a6e1fc390a28ee09a1
SHA256 d8934e3e319042343f293c814e8681e9133c06724f473d64937718f3aed2e641
SHA512 85899865f06e5f9a29f4d4c1a3b057773cc634e8f38469e94f2d961a69af875b6c39aa892e5bb03d6ee43f3cfd60524ba641c1f443049437765d3b3d646e588c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c70183a1c7d530d64d1b6365d5f9f367
SHA1 ab15ee708a133d6bba974866888a75a9612385ed
SHA256 a320e6df84ec319fcb5a896f3ee23ffa5b2e63b12fa991b9ddb6be5e874d203a
SHA512 6e47eff8b3243cfe88acfd578c735a3a8cd5edfa80972db5c3115a4faa4b3a68dcd1fd7b3c25e575717eef3e4e9688ba0d1ca0598de7d92b573294526b0624a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22ed99e3fcd679a20bb365cee008e3c3
SHA1 c4032519e2a2081a0dcf96143f38783667a23d79
SHA256 792e1e985a204384f7de3f60f2284f4da9c6f9c9be3e851509f090bc74f5f334
SHA512 5a668419c4d0b94dc8f85b6eed0213b885d2ada88bcc7baf0e7b244ca2c85e464e31482204cb57d8931cb0051fa08b69bd24351c94b9f6930f951ea5eb9af39f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ecc4a030eed454f35ae14ae87eb6814c
SHA1 bcff33a38003886246de4061c959bb8ed1120d36
SHA256 7528cb5402c4cc11e0cb59d45b25411ab95bfa9b67cf8afba88729a899363f0e
SHA512 a8f10d714ffdeaa7ec52cd549b9f939078a0807e660b6e875dc5d2e17e62ae7f1a71e3d1c033d71e813d15cda48a8965302f6ca838970836a34a696cb53b2783

\Users\Admin\AppData\Local\Temp\svchost.exe

MD5 ff5e1f27193ce51eec318714ef038bef
SHA1 b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256 fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512 c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

memory/1948-483-0x0000000000240000-0x000000000024F000-memory.dmp

memory/1948-482-0x0000000000400000-0x000000000042E000-memory.dmp

memory/2320-491-0x0000000000400000-0x000000000042E000-memory.dmp

memory/2320-493-0x0000000000400000-0x000000000042E000-memory.dmp

memory/2320-490-0x0000000000240000-0x0000000000241000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 621c3334fc7ab7308e43f59df27e240c
SHA1 f92d497bbf899ab751a2bd8865c740ff7fc805c6
SHA256 d6da81011c3a8bfc2a515f52c808f2f06c7bb565c2661c6e9e7b3c0fac522b82
SHA512 1b13f266b3b86b87a7846376160ed2531067e4c8469521d70e4d349ca031fd5bc54e02888b0cb17362d0a6e910a2ce32a1769fad1835212fdccc73d8dd0efe4b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b76ee3c6983cd5d2b48fd88c88084a12
SHA1 7f61fa763664c558fdcd80a531052be44dbbbb58
SHA256 c76ae35788abb23fa1ac895d6b672349e2b749fdb86318a36f6842bf8b9ed87a
SHA512 daa72f4f3fd2129201499bb40b9578fb2837ccdb827e466b3b60dbd151d10400cdab866d1f046bf69e8780068bdb17c6b0fe051a026966bcc8f88cbdcb4c60cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e3f048320e09e4a89765778150f10e5
SHA1 45d91eca2164a38a38420e1d88cb7660b11bff94
SHA256 fd67e2b1c28f0f3bf5dc7bc10d266f19e38127778ab11cc34dea5ad5cecfcf79
SHA512 a30d138f486a112a816fb9c83414ac9019a5aa8e788644ee771307312770e29e98b5d18bc318007c40453246f24fd2f618b222fc0280b8d78b69f0f2a995c820

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6ac7cee3ed21ae3a8a4d3ef29cdc59b9
SHA1 a7e336d1afb7f0c622f984dedd326e82eb08fc69
SHA256 ec199a30ec8426362a19db56b26fb4f1208d6239e414f3c768a52504d0d37de4
SHA512 0668ba5612ea765ce8126dc767536cb7b34bacf710a9d2596e66b1b35ec2d306a8186766a3c287ee27099e18c53f319a5225b92b00055d657aaef53109786c00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6c9fc11a80e41867a5760d93a6f2841
SHA1 9d189c6879ec09048f39daff6455f2ba9d7d2d2a
SHA256 9c1712c282e4d59a1f22383577036e25d6a09b942dcba8543a76b5cba5ce49e6
SHA512 ffd882c223629a2d00fe91a509a68648552553723e552cff0adf8665a4945b6ff3be5133e85739f9b56ab59a44a7e0cde54e9515c2e4d82a66ab1c37784b6ee3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 edd16aad1f0c9bd37bdf273d429609c7
SHA1 fbc6bb4bf47dc2fe49864d89836c55ea00be6aa0
SHA256 400c1ba24962b9a62feb06eeb44d1ad8da0c19dc8a7c98cea3cbf0fca00db1d5
SHA512 fd1b4da66eef36d3238197168b343e4315ea49d463fcf05230729d91ce8edbad8e174a27efa9b16f41e68c2385cac202407f44150ccb3979331a4deddd3e6754

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b8f09d2686ec513800aa4a7abb0555f
SHA1 a8300898f99402a94c90c0fd0a207b994f864707
SHA256 e89943ab69b59c229556bb6fb63bda5f7470c799d36e08e5dd8a605efeb937b3
SHA512 faee27c27d435ec6ed36981ca95e648200055b8f1026e44c9388b2b1dc9f36d970265b16b232c4dbf86b2c1b79a7d5ff9deb5b68bb75ce34d03d7d3c3fb3d5dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aaec0459f216b367674898e52922d03f
SHA1 fb15be7b106f2a83c875c7e6b6aab4c76a31489e
SHA256 0957d2d51bb0b5a7ac480c0fd4aa54170af7d2625d23e4c53c210e5f1b7d0e4b
SHA512 f4016884545a27ef0f025ed88809cb505206ba8706c3dd78370e9fe5631d40e60887b45a3d756deb7fde2ec6245e7260235f53bcdb16b24ed25f75f0793276e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fcf0183b86d0405017009a831927b16e
SHA1 d7160c0b799b9005bb098df9795585c3f7e2a14a
SHA256 79116279db5bb17e0a9c02a228843e99f88cf3f1507e60e72735bdcff891e2eb
SHA512 d6f3d0f23b8d8561d3e99165a0dce91ade047d460a4f9bfeb4ed125b02047de8766db4ccad13531ef0a8fdb32dd55bd38ab8c3ae57fdd2f267e68c91644a369f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89cbc72347859cc7f7e4f84f8b45e256
SHA1 cfe1c42b1c06084ceaf8da0eb0ee190f80013dfc
SHA256 ce4e68826a5ef774c213e6ac96d6736571c8e2aae42a715bd5e36e9b0fe4735c
SHA512 143499a97adb1053735b1d0a323b28a9ccdc244d242102113a99b331ec00ad716253a72df0f4aaac1c5ee30fd46d6515d1fc2deae6c4374d985d57d2e67d065d

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-31 21:46

Reported

2024-05-31 21:48

Platform

win10v2004-20240226-en

Max time kernel

141s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\88754fabaf53676407280de32a0e254a_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\88754fabaf53676407280de32a0e254a_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5052 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5724 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3916 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5540 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5868 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 13.107.6.158:443 business.bing.com tcp
BE 2.21.17.194:443 www.microsoft.com tcp
US 8.8.8.8:53 228.69.165.172.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 2.17.251.21:443 bzib.nelreports.net tcp
US 2.17.251.21:443 bzib.nelreports.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.6u6v6w.top udp
US 8.8.8.8:53 www.6u6v6w.top udp
US 8.8.8.8:53 www.6u6v6w.top udp
US 8.8.8.8:53 www.6u6v6w.top udp
US 8.8.8.8:53 www.6u6v6w.top udp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 21.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 105.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 news.share.baidu.com udp
US 8.8.8.8:53 news.share.baidu.com udp
CN 39.156.68.163:80 news.share.baidu.com tcp
CN 39.156.68.163:80 news.share.baidu.com tcp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.42.65.92:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 92.65.42.20.in-addr.arpa udp
CN 112.34.113.148:80 news.share.baidu.com tcp
CN 112.34.113.148:80 news.share.baidu.com tcp
GB 142.250.187.202:443 tcp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
CN 180.101.212.103:80 news.share.baidu.com tcp
CN 180.101.212.103:80 news.share.baidu.com tcp
NL 23.62.61.185:443 www.bing.com tcp
US 8.8.8.8:53 185.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
CN 182.61.201.93:80 news.share.baidu.com tcp
CN 182.61.201.93:80 news.share.baidu.com tcp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
CN 182.61.201.94:80 news.share.baidu.com tcp
CN 182.61.201.94:80 news.share.baidu.com tcp
CN 182.61.244.229:80 news.share.baidu.com tcp
CN 182.61.244.229:80 news.share.baidu.com tcp
NL 23.62.61.155:443 www.bing.com tcp
US 8.8.8.8:53 155.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 7.173.189.20.in-addr.arpa udp

Files

N/A