Analysis Overview
SHA256
1d69bcbc72a131a4d03aedb66bfc6a0e0f6dbfc97e46f675f12b606cf17a1ed1
Threat Level: Known bad
The file 8605e735f755b19186b654efc2857890_JaffaCakes118 was found to be: Known bad. The submitted file is an HTML document (see the behavioral1 command line). On the Windows 7 run Internet Explorer opens it, a svchost.exe appears in the user's Temp directory and is executed, and that process drops and launches C:\Program Files (x86)\Microsoft\DesktopLayer.exe, the chain behind the Ramnit detection. The "Modifies Internet Explorer settings" entries are all written by iexplore.exe itself and are ordinary browser state keys (BrowserEmulation, TabbedBrowsing, Window_Placement, Recovery), not changes made by the dropped executables. The only network destinations recorded in the Windows 7 run are api.bing.com and ieonline.microsoft.com, which Internet Explorer contacts in normal operation; no other outbound connection appears within the 131-second window, and that absence is not by itself evidence that the sample has no command-and-control. On the Windows 10 run the file is opened by msedge.exe and no signatures trigger.
Malicious Activity Summary
Ramnit
UPX packed file
Loads dropped DLL
Executes dropped EXE
Drops file in Program Files directory
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-31 04:52
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-31 04:52
Reported
2024-05-31 04:54
Platform
win7-20240508-en
Max time kernel
121s
Max time network
131s
Command Line
Signatures
Ramnit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\px229E.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000060ebbcf521ab535309f3e10066055825db27e6778e0c7365c69781e103a4cea1000000000e8000000002000020000000bcef6a70ca26f58f9994b136605365959622a1c1831f99a8d6b2bcd6d7889a63900000006fc47ae79b03fdfaca08ac26e9508a8f91256bb597027cf490c167e9ff60ca2a7ff798d58aeda69b9410ff0b19fc2688420e21f25472c3941385b10f3e3288843efac5e58ae974917d38f793dba7fb74002ad8be7dfb74d7ca4a5fb3128db40329f1f93f5b7d08d878dcb38c2c8b428fe5bfd2b06530eadd17b5eb3154c0ac7f32accbc0e00b98c284155c07b85c289540000000123bc25b61997aca8105fb4f7bdc2d72339f342f15bf05abfd9e4eb1254abcaa2d34cf790a83fa4eac4fb999d5a456a29edb6494a6204d50ce2860c7db3eba90 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 406fea6016b3da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423293000" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000009faf928a2475db129d7d6c883bc706e59add0115455d6be6f395969f13dd6a19000000000e8000000002000020000000f3f3c07c50efed74c222020f56c47ff0e886079dd5a5e95d31441fd9aa6cdaaa20000000b95ba2006387bafb1779ba6d90c737e70e96ce7b50cd5c461aec17fb41e07322400000002fd69e80865e0c2d41b180552fa9c95aa0e6946ae54eea28ed021f13373a701763b80668b52613e638c2a69d1dd2bc7635a57ded2fe7f643f9dcd5619f10f5c4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8BE685D1-1F09-11EF-931A-4205ACB4EED4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8605e735f755b19186b654efc2857890_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:328 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:328 CREDAT:209933 /prefetch:2
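The process list above is the part of this report a responder would turn into a detection. As an added example that is not part of the report, the following Python reproduces the command lines from the behavioral1 run (and the first two from behavioral2, where Edge opens the same file and nothing else happens) as constructed input and flags the two indicators a practitioner would key on: a svchost.exe executing from anywhere other than System32 or SysWOW64, and the DesktopLayer.exe path recorded under "Drops file in Program Files directory". The benign System32 svchost line and the rules themselves are the author's own, not the sandbox's.

```python
"""Flag the svchost.exe / DesktopLayer.exe chain from a list of process command lines.

Added example, not part of the original report. Command lines are reproduced
from the report; BENIGN_SVCHOST is a constructed control; the rules are the
author's own heuristics.
"""
import re
from pathlib import PureWindowsPath

# behavioral1 (win7): the six command lines listed under "Processes".
PROCESS_LIST_WIN7 = [
    r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8605e735f755b19186b654efc2857890_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:328 CREDAT:275457 /prefetch:2',
    r'"C:\Users\Admin\AppData\Local\Temp\svchost.exe"',
    r'"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"',
    r'"C:\Program Files\Internet Explorer\iexplore.exe"',
    r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:328 CREDAT:209933 /prefetch:2',
]

# behavioral2 (win10): the browser process and its first renderer; the other
# four renderer/utility lines in the report are omitted here.
PROCESS_LIST_WIN10 = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8605e735f755b19186b654efc2857890_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3716 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:1',
]

# Constructed control: what a legitimate svchost.exe command line looks like.
BENIGN_SVCHOST = r'"C:\Windows\System32\svchost.exe" -k netsvcs'

# Only directories from which Windows itself runs svchost.exe (compared lower-cased).
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Second-stage path from the report's "Drops file in Program Files directory".
DESKTOPLAYER_PATH = r"c:\program files (x86)\microsoft\desktoplayer.exe"


def image_path(cmdline: str) -> str:
    """Return the executable path from a command line, quoted or not."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', cmdline)
    if not m:
        return ""
    return m.group(1) or m.group(2)


def triage(cmdlines):
    """Return (rule, image_path) pairs for every command line that matches a rule."""
    findings = []
    for cl in cmdlines:
        path = image_path(cl)
        if not path:
            continue
        p = PureWindowsPath(path)
        name, parent = p.name.lower(), str(p.parent).lower()
        # Rule 1: the service host binary only runs from the system directories.
        if name == "svchost.exe" and parent not in LEGIT_SVCHOST_DIRS:
            findings.append(("svchost_outside_system_dir", path))
        # Rule 2: exact path of the dropped second stage seen in this report.
        if str(p).lower() == DESKTOPLAYER_PATH:
            findings.append(("ramnit_desktoplayer_path", path))
    return findings


if __name__ == "__main__":
    for label, procs in (("win7", PROCESS_LIST_WIN7), ("win10", PROCESS_LIST_WIN10)):
        print(label, triage(procs))
```

Nothing here depends on the sandbox: feed `triage()` the image and command-line fields from Sysmon event 1 or EDR process telemetry. Of the two rules, the svchost.exe one is the more durable, because the second-stage file name can change between builds while a svchost.exe outside the system directories is not expected on a stock install.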
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
memory/2724-9-0x0000000000230000-0x000000000023F000-memory.dmp
memory/2724-8-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2660-18-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2660-16-0x0000000000240000-0x0000000000241000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab3747.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Cab37CA.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar37DC.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80cf85fab356d5924eef59ab648adf99 |
| SHA1 | cfcde2e8741379d125f85620c5cc07f9cd568b2f |
| SHA256 | 21892fb61d99ab541bb2876452e69cb7db88a14871d5a0c32c33bbd8ecbf353a |
| SHA512 | 8e68a95fd683d3284349448c90d3d3bb1ffecff7ed5ebab863fac1462bb180e8879e4deed88e7a2701bd2ee85996f518860a9cf168b92e7ea73f775356387681 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10921551ae8a7ddda979c137e755fb5e |
| SHA1 | c570fb778422362966e6d63537c386569ea6d69f |
| SHA256 | a4db6e8be03eda3c90b215a4eb14e56ddb7789de1d0984482b86717f35395193 |
| SHA512 | aff295edfb8449fa17274dfa856803a734d24b1b07246682d78b50e80239e48cf869ec336a316c0b53bd9e41b8476072cb4b7de265793f7a5025c8de1f2dbe2c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22d0dccc69f0d14a07500050efa55ef2 |
| SHA1 | bcbb5cd56715e516bfc386f874c9080ad47d5897 |
| SHA256 | de5022009e55c1b80500859c88d489a6a3e24a8e56c0d481b7fdb523455d713f |
| SHA512 | e67ef219f87970a2180cb055359a8d739edd1fa173bb2b0c1291210845925e39356c049136d74bf52d4a5d301ed2a5f51e8754608cf9591fbc98ba0c2cae5da0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07b0a0a12e450074f0c805fdfc8628e6 |
| SHA1 | 240474db5c2381524446e99bf45c06aa83b43ae9 |
| SHA256 | 11f99a9da38e88f3f71268e4406fcfcc6a16ba387c317bf436fd9f85b98e7cdb |
| SHA512 | 5063ddf22ef933d0571c025f859c136b803cc4416e441a107ea3e439f7824c13ec084b0490aab6bd565bc2aa65c1f0d1980d9141b486c8eea29e2e9f4cbc763a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a007ab62554f5d52ec8190502f92a33a |
| SHA1 | 8f391774b1a449c21b01f1bd4458be2fec6c2369 |
| SHA256 | 2187b8656f8667d5e55a6c9bacd25a6a957bda539cb04016d1ccd6dfb27aa485 |
| SHA512 | d9f92945479b5078e45cd2a2bcb8b9bfe0870beb88e0e2a6d920f429669c8d18932ef6db0c7f41309f18729598dc414ccc3c2a15cb2fc70dc46f53430d368b8c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0cd7ded44985e9eb3bf6beeeb95a9be |
| SHA1 | 73d91e6cad69c4c0d4a7adfe3f17e313ad9c824b |
| SHA256 | cf392cf390fc999ef69603d87fb6704db2e8067faaa7c5299d0a483c1d7d5bd8 |
| SHA512 | 838309b18db92f4bb128b53d8b4fc8872a81edbf58b0dd0acc834f90325c9aaa5dea073143b651b9a13c4ab02b773c78d94576e5781687d09b258bfb50082205 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3794d0e58dcb49ea2ebc75bb1b832aa8 |
| SHA1 | 19a47fc7418653591d7dc17a2135c33d626e3c45 |
| SHA256 | 5073cbb495135a047e750b19b1b2b10303a3c7f118dc1f525f42513d8faeb877 |
| SHA512 | 771284c6099d1d6f8ff53fda6e24c335d54b9376aae06d02b3b3f45a78da5fb8e3c8441c05888751dc61ea86780652c338b1430f5423449dd5b9a1a36f37c0b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ee043931b530250039f4ff14a766466 |
| SHA1 | e36e5dd19ed959c30c482bc24fc9a53800c68042 |
| SHA256 | 3bbd74c866e5605513978aad93d10ded074dd3c6f4d6bbc026c4cbd02a59554b |
| SHA512 | 394a58f7e416bc5768397fb1da2fa29d3e6c5ac7cf59555eaffe7ca444f2e628abc18f7f0ebfe4b904c103c7494bd526b5cecd62d2719a60e9632227e33d4cd1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1dca4bfa2174024d5bd4796fb62b6c5 |
| SHA1 | 9deccd55a8f66413f789f9e8306b374e5d9f9597 |
| SHA256 | 0c931d867570be93f5d1976b14c333311b2b14f37d8a4e5191a6187f2053c943 |
| SHA512 | bd56a279393959dc611fabf3e1ea32e74859cb8337e21067f0d9df5fe882955ef2294ea23bf971f013bf9e96a5aa841afa8da865a7d4ca6da04a6b770f0bc2be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84c4ebc704a3aecfdd2681e40c69771b |
| SHA1 | 38a36f0a2fa823732cc3f8fe1226cc09efa1a2c0 |
| SHA256 | 5ffe3fc45fcd1fbc55981982759370f0b1e63e2dfb9906d7f5ed421ecc295010 |
| SHA512 | 97ad84f3f041f0cd5d95d11da7b0362f8b19cd2edca4e4db11da985ee784260dfc01046d3dc5c5efadc936184326bdbe1d684369ff3ac4942d6a833403a5f6d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2a77ec288649d2fc5bce1c80ffc6a44 |
| SHA1 | e014d37f180d8a8cbfd5db30b205acba828f94fe |
| SHA256 | 0f360fbfcaa17b9397f380e1ca7aef48c2ad5ed5050078c721bf9ea99e827ac3 |
| SHA512 | d82281b07d0d894a3b0ace21673b1481d479d5f7789ae6f1eea71b7d66e9338e8c1fdee93cc2437b17362423a80cb023d836efc7140c7d44694bbe3e63b85bd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2dafd0aa6aa3cf2e4f3caca66471fd30 |
| SHA1 | b78e29dabe713d2483f91f49631a24bf086ef8c4 |
| SHA256 | cbcb8d50afb0699aeb656ec63c12b108e3725f84eef781490591c6bd9b14ed94 |
| SHA512 | 68fa912ff72fffd9796ce6e4a54b108446c5eab4e99295ebd8362e09bdf3b4e602853091cb2de39cdb2c7a21dd81dbd620476fa11105ab1a0394e9c986e1cfd0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b5af42895c74545c218c60c808ee669 |
| SHA1 | 65168951d9393cb19905ed2432af301df8bac6f9 |
| SHA256 | d350b764a36172919570e95afc0d9873b24aee9afc70d9b96eb3091644fd63b0 |
| SHA512 | 4c96c799ee44cca9dbb65f6922b7df7bf9fcde14789a85a387e3eb23e2b1ca44ebdda767775bf649bf3e86638e96c5555eee564cdbe9dbc30d6d1d59d533c59a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 69d4585c8e75b14bee77472e025d6d3b |
| SHA1 | 79128b6b68fde9a05d5b9a800a1c28d45b439bdc |
| SHA256 | 55390159922faec91d83d8ad7c574d11e3542deec3b5086ec1ed0e7623c74c69 |
| SHA512 | e706079f66a54434fde42c6027d8eb83f2c9c9f9050ac72de3de67fc36043806cb9405c0625fd9c2c7c5848b46cb704c444ef26b1e21b53f09802d8d25200307 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 183e0be3776536c0892da5a6cd7588ca |
| SHA1 | 99183db35f2a56734f9908b4e435798d9d31df77 |
| SHA256 | 1ac4b15507b2fecb532d5292413bfb740c51abd5ffd607fa05dbfe7cb2886862 |
| SHA512 | f061b9c0d9222cf1502ca748a098b563945a4ee034628028113e650ddabfde3e773e08b7880a81221502aa48f81a49c85d3c987bea2eed30a7cffb85699becc0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bcaa0aa2a5208cd4c6ec40edd195b16c |
| SHA1 | f56179b5dd6cd3c0aa84d23228cb1268bd24742c |
| SHA256 | 57bb0d863d8c178c80faa81405648201cbf68ac1b83e487b7c1ebff389921177 |
| SHA512 | e84aefd6a0d32dc7a8cb17f7cd236de342610398cb6571310ad17bc2357b3ac034f91714057366e4dda750a6a96c3696c36b77efd77a6a16a80d6f2d86b0a846 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f7cb36460ab0e1e0766334d217e56913 |
| SHA1 | da419ded8ace4c4d971fda605c1f97cb71a462d3 |
| SHA256 | 64e70229ac4f1ef6b7c3e32e799bbc6f9bf717e42fd872a04a797c1b4e26b61b |
| SHA512 | 9252c8d4e7b40fb94cc2bb2294882e1f2f6b33b2de91b1349aa34625eebb8bc8729e69993e79b0f3cacfd7a9f01227b9a689fa691c342d8bdd3fc09dd550db26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7db53b8abe1157b08f1c249e80b354cd |
| SHA1 | a542cb32b2ca1786d12299b836124588afba6e1c |
| SHA256 | 8bbb4d14531e7fd08bbd0050b28e1c2eb1c755b2b6227c00dbac2c42f029f357 |
| SHA512 | 7e0178ffb1b5197fb02f15d00229129a069f8ef4f9c3628c7a405738038fa63d8949aaca1857cbe6573e7e648b9c60ab1b81773cfc15d34a0f982152f2c08e61 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec2001e2631209fd0af4464b6cf41ad8 |
| SHA1 | f25f3b444dbd32ed209ae4bd7c61b4deadee44dc |
| SHA256 | 8b5854d115932e67facb46a033ec8982e7583b369f2feb7161fa67d846357610 |
| SHA512 | 84343c4defb85e43f133c3f4fed46a06e9f9ce4c717e318e7506dd625542671a1c5cc8fdae26acdf163203d4bcc512c4f82256d7b7dc815fc3b8674b6ace4397 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0fddc99f343e9f8ff114271d53bbedbf |
| SHA1 | 78819f24425ed9912e05f8cb233ac13849cdcaed |
| SHA256 | 56235d8424ec4d6b9d3c479f65e49d45a4efa85bbf2e7862d31a1c4476c23388 |
| SHA512 | 9406f3b27df7b6ae45cb0c5ffcf8e524997557c04d2ebf889691a4cba69a6e213d92317cba606b9687be450a2ff22c15a5536cc0a95ef64f6446370a7ef31c14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fbf03bcc81d06e9482ade767b887f42c |
| SHA1 | ca949e087b29dd6eca5f55e3bbbf4c7f625a2253 |
| SHA256 | 8e059499a99d7bb9a478d0dffbc5774d0ba33ad272dd04ab94b7dbbf94b43c6e |
| SHA512 | 31566880089f9c612b1fb0146299083246dc9069415b57769d86878e16d54e2fab95a7dbe0a0b70a1011120fd4ef9f442be690e95c94fbed7e9b5fb86b756f23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a02dec2c70d856d3a91e61cb0ffeb82 |
| SHA1 | 3839d8c87f5acc803e5614daec11f2b5f5e20720 |
| SHA256 | 6bc6f8dd94937c2f5722c8fbdf63ba5f0fda9d7f50939a66a740dc6bf1e4f6a7 |
| SHA512 | cf4b377324842949e731cfb21a85d380407adf6211b12c3c24c3bf1b6c1d1ee1f146501ec6ba053251cd6e0e7c9ef4d8046683bbdc1b9ca6e5cdde9ee32ce776 |
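Of the files listed above, only the dropped svchost.exe is worth carrying as a hash indicator. The Cab*.tmp, Tar*.tmp and CryptnetUrlCache\MetaData entries are typically written by Internet Explorer and Windows CryptoAPI during certificate and revocation fetches; their content varies from run to run, which is why the same MetaData path appears here with many different hashes. As an added example that is not part of the report, the following Python carries the report's digests for the dropped svchost.exe and the two stable path indicators, and sweeps a directory tree for either. The path suffixes, the walk logic and the `make_demo_tree()` helper (which builds a constructed tree whose fake svchost.exe does not hash to the report's values) are the author's own.

```python
r"""Sweep a directory tree for the dropped svchost.exe by hash and by path.

Added example, not part of the original report. REPORT_HASHES are the digests
the report lists for \Users\Admin\AppData\Local\Temp\svchost.exe; the path
suffixes, the walk logic and make_demo_tree() are the author's own.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# Digests of the dropped svchost.exe as listed under "Files" in this report.
# SHA256 is the one to match on; MD5 and SHA1 are carried only because the
# report lists them and older feeds still key on them.
REPORT_HASHES = {
    "md5": "ff5e1f27193ce51eec318714ef038bef",
    "sha1": "b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6",
    "sha256": "fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320",
}

# Path indicators from the report, as lower-cased suffixes relative to the
# volume root. The user name (Admin) is sandbox-specific and is dropped so the
# Temp indicator matches any profile; px229E.tmp is omitted because its name
# is specific to this run.
PATH_SUFFIXES = [
    r"program files (x86)\microsoft\desktoplayer.exe",
    r"appdata\local\temp\svchost.exe",
]

CHUNK = 1 << 20  # 1 MiB read size


def hash_file(path):
    """Return md5/sha1/sha256 hex digests of one file, streamed in CHUNK-sized reads."""
    hs = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            for h in hs.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hs.items()}


def sweep(root, hashes=None, suffixes=PATH_SUFFIXES, max_size=64 << 20):
    """Walk root and return (reason, path) hits.

    reason is "path" when the file's path relative to root ends with one of
    suffixes, and "hash" when any of its digests is in hashes (default: the
    report's digests, any case). Files above max_size are not hashed; the
    dropped binaries here are small, so a 64 MiB cap keeps a volume sweep cheap.
    """
    wanted = {h.lower() for h in (REPORT_HASHES.values() if hashes is None else hashes)}
    root = Path(root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            fp = Path(dirpath) / name
            rel = str(fp.relative_to(root)).replace("/", "\\").lower()
            if any(rel.endswith(s) for s in suffixes):
                hits.append(("path", str(fp)))
            try:
                if not fp.is_file() or fp.stat().st_size > max_size:
                    continue
                if wanted & set(hash_file(fp).values()):
                    hits.append(("hash", str(fp)))
            except OSError:  # unreadable or vanished file: skip, do not abort the sweep
                continue
    return hits


def make_demo_tree():
    """Build a constructed sample tree: a fake svchost.exe under AppData/Local/Temp
    plus a benign file. Returns (root, path_of_fake_svchost). The fake content is
    arbitrary and will NOT hash to the report's digests; it exercises the path rule."""
    root = tempfile.mkdtemp(prefix="sweep_demo_")
    temp_dir = os.path.join(root, "Users", "alice", "AppData", "Local", "Temp")
    os.makedirs(temp_dir)
    fake = os.path.join(temp_dir, "svchost.exe")
    with open(fake, "wb") as f:
        f.write(b"hello")
    with open(os.path.join(root, "notes.txt"), "wb") as f:
        f.write(b"nothing to see here")
    return root, fake


if __name__ == "__main__":
    demo_root, _ = make_demo_tree()
    for reason, path in sweep(demo_root):
        print(reason, path)
```

Point `sweep()` at a mounted volume image or a live C: drive. A path hit without a hash hit is still worth a look: it means a svchost.exe sits in a Temp directory, which this report shows is how the chain starts, even if the binary is a different build from the one hashed here.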
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-31 04:52
Reported
2024-05-31 04:55
Platform
win10v2004-20240226-en
Max time kernel
140s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8605e735f755b19186b654efc2857890_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3716 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4620 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5364 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5532 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5776 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 23.73.139.27:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 27.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.73.29:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 29.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 13.107.253.64:443 | | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| BE | 88.221.83.227:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 227.83.221.88.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| BE | 88.221.83.234:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 234.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.173.189.20.in-addr.arpa | udp |