Analysis Overview
SHA256
8e73ac0a6f3354d5476c7d28f5ba389d52e65b637cedc27ff22c0cfe825c9b64
Threat Level: Known bad
The file 916996da2a24e74bbd5b57a7c20f0b16_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Ramnit
Executes dropped EXE
UPX packed file
Loads dropped DLL
Drops file in Program Files directory
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 10:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 10:14
Reported
2024-06-03 10:17
Platform
win7-20240221-en
Max time kernel
121s
Max time network
135s
Command Line
Signatures
Ramnit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\px4DF1.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423571545" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8032f1029fb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000671068bcae24c54d8999e1d3d6d3294000000000020000000000106600000001000020000000bef2d7a284856bda480d5e2d49adf990994a97d9a56dcfcfdaef82917b930796000000000e800000000200002000000004013fa6d9d17386878fca29fc8406cdd9106fa8083468e95576d7b69cde6a879000000040e6bb3494826f6754b96ae1fc224357803fb3da73afb9bfa00d8f96f720f1db7b5bea1e7674b01c4b04a4d7ee76b0d7fc9b5231fc56c5755d37116483aa8549287f9660c626c98646b33a2c33616339d3afd2c91ad31e7e533c15abe0b74e8a8c3536c7b683b28fc4b04f65d10475055278a1ef1bba5447106f97368aac4749becda0916f77fb74566f9ddd29f4eaa040000000038e3f96d14e6a861440be280ac48d532301eae3b89c56f81ca9c54f774b7c88d976ccfe8a42c62526668f39350b876c38508f058c0648f78ebe016f3918817d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000671068bcae24c54d8999e1d3d6d32940000000000200000000001066000000010000200000004950a4503f7a45c5064738dbad81644ccc4bb5337e08860fd11cfa5f8bf8dd4e000000000e800000000200002000000034153d71bff73d89780180f9f58dad6f3571d18dab2d3b40b901b0346a88061720000000a9b64df9abce3d90a19b5780153802eb8df26083515a12e24c26e0da898fea3940000000eb7e603230b357d858222f374f50b47164d3acbd16dde7ab8f864539806fa70b0990251a0aea14f296d15a707b3d460054c5019c767a86c104b8a835cbb4b5dd | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{13D0CE81-2192-11EF-9F01-52C7B7C5B073} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\916996da2a24e74bbd5b57a7c20f0b16_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:472073 /prefetch:2
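The process chain above (iexplore.exe spawning svchost.exe from the user's Temp directory, which in turn creates and launches DesktopLayer.exe under Program Files (x86)\Microsoft) is the detectable part of this detonation. The Python below is an added example written for this page, not part of the sandbox output: it runs three checks over constructed process-creation records that use Sysmon Event ID 1 field names and matches the SHA256 of the dropped svchost.exe taken from the Files section. The parent/child links in the sample records are assumed from the order of the Processes list; the report does not print parent PIDs. Note also that every row under "Modifies Internet Explorer settings" is written by iexplore.exe/IEXPLORE.EXE itself, not by svchost.exe or DesktopLayer.exe, so that signature records browser housekeeping rather than payload persistence.

```python
import json
import ntpath
from dataclasses import dataclass
from typing import Dict, List, Optional

# Hash taken from this report's Files section: the dropped Temp\svchost.exe.
KNOWN_BAD_SHA256 = {
    "fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320",
}
BROWSERS = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}
# Directories where a real svchost.exe lives; anything else is suspicious.
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
TEMP_MARKER = "\\appdata\\local\\temp\\"
DROP_DIR = r"c:\program files (x86)\microsoft"  # drop directory seen in this report


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    parent_image: str
    sha256: Optional[str]


def parse_event(line: str) -> ProcEvent:
    """Parse one JSON process-creation record (Sysmon Event ID 1 field names)."""
    rec = json.loads(line)
    sha = None
    for part in rec.get("Hashes", "").split(","):
        if part.upper().startswith("SHA256="):
            sha = part.split("=", 1)[1].lower()
    return ProcEvent(int(rec["ProcessId"]), int(rec["ParentProcessId"]),
                     rec["Image"], rec["ParentImage"], sha)


def _name(path: str) -> str:
    return ntpath.basename(path).lower()


def _dir(path: str) -> str:
    return ntpath.dirname(path).lower()


def detect(lines: List[str]) -> List[str]:
    """Return one finding string per rule hit, in event order."""
    events = [parse_event(l) for l in lines if l.strip()]
    by_pid: Dict[int, ProcEvent] = {e.pid: e for e in events}
    findings: List[str] = []
    for e in events:
        if e.sha256 in KNOWN_BAD_SHA256:
            findings.append(f"known-bad-hash pid={e.pid} {e.image}")
        if _name(e.image) == "svchost.exe" and _dir(e.image) not in LEGIT_SVCHOST_DIRS:
            findings.append(f"svchost-outside-system32 pid={e.pid} {e.image}")
        if _name(e.parent_image) in BROWSERS and TEMP_MARKER in e.image.lower():
            findings.append(f"browser-spawned-temp-exe pid={e.pid} {e.image}")
        # Two-hop chain: browser -> executable in Temp -> executable under the drop directory.
        parent = by_pid.get(e.ppid)
        if (parent is not None
                and _name(parent.parent_image) in BROWSERS
                and TEMP_MARKER in parent.image.lower()
                and _dir(e.image).startswith(DROP_DIR)):
            findings.append(f"ramnit-like-chain pid={e.pid} {parent.image} -> {e.image}")
    return findings


# Constructed sample records. Paths and the svchost.exe hash come from this report;
# PIDs 588/608 are the ones in the memory-dump names, the other PIDs and every
# parent link are assumed for illustration. Placeholder hashes are all-zero/one/two.
SAMPLE_LOG = [
    json.dumps({"ProcessId": 2756, "ParentProcessId": 1200,
                "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
                "ParentImage": r"C:\Windows\explorer.exe", "Hashes": "SHA256=" + "0" * 64}),
    json.dumps({"ProcessId": 2900, "ParentProcessId": 2756,
                "Image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
                "ParentImage": r"C:\Program Files\Internet Explorer\iexplore.exe",
                "Hashes": "SHA256=" + "0" * 64}),
    json.dumps({"ProcessId": 588, "ParentProcessId": 2900,
                "Image": r"C:\Users\Admin\AppData\Local\Temp\svchost.exe",
                "ParentImage": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
                "Hashes": "MD5=ff5e1f27193ce51eec318714ef038bef,"
                          "SHA256=fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320"}),
    json.dumps({"ProcessId": 608, "ParentProcessId": 588,
                "Image": r"C:\Program Files (x86)\Microsoft\DesktopLayer.exe",
                "ParentImage": r"C:\Users\Admin\AppData\Local\Temp\svchost.exe",
                "Hashes": "SHA256=" + "1" * 64}),
    # Legitimate service host: must not fire.
    json.dumps({"ProcessId": 900, "ParentProcessId": 600,
                "Image": r"C:\Windows\System32\svchost.exe",
                "ParentImage": r"C:\Windows\System32\services.exe",
                "Hashes": "SHA256=" + "2" * 64}),
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

The hash rule is the narrowest and the chain rule the most durable: Ramnit droppers are repacked frequently (the UPX signature above is typical), so the two path-based rules and the browser-to-Temp-to-Program Files chain are what survive a rebuild of the sample.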
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | static.bshare.cn | udp |
| CN | 122.189.171.115:80 | static.bshare.cn | tcp |
| CN | 122.189.171.115:80 | static.bshare.cn | tcp |
| CN | 122.189.171.115:80 | static.bshare.cn | tcp |
| CN | 122.189.171.115:80 | static.bshare.cn | tcp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
memory/588-8-0x0000000000230000-0x000000000023F000-memory.dmp
memory/588-7-0x0000000000400000-0x000000000042E000-memory.dmp
memory/608-15-0x0000000000400000-0x000000000042E000-memory.dmp
memory/608-20-0x0000000000400000-0x000000000042E000-memory.dmp
memory/608-19-0x0000000000400000-0x000000000042E000-memory.dmp
memory/608-17-0x0000000000400000-0x000000000042E000-memory.dmp
memory/608-18-0x0000000000240000-0x0000000000241000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab6402.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Cab6695.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09e24abf4fa7783e72329156fd5e5804 |
| SHA1 | bdc669d2222b0148c73ed9328dfe8c95a05064e8 |
| SHA256 | ea48d86d138c6a63a03f5f9ef8bd4dae6bf8c86464a4559c4a0fb61eb53836d7 |
| SHA512 | 366c741facbfb15841da3fee3af18e40625f5e05cb900a3d531c49e02ca421204dcbbd35c90a63dc2bd3945f329cb5790ddbb3c0fb11bb0df12a39c9e97d83be |
C:\Users\Admin\AppData\Local\Temp\Tar66C9.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 757c8f17f16a981518891d5079944b87 |
| SHA1 | b2f14fea26e1b0e483830aa15ffbb49839d80f55 |
| SHA256 | 6906a7436e18969c44a4bb3c67a6c1eb1a4233420880584c5518743f959d4fcf |
| SHA512 | 7a2e66981377111f31b66b62fdf9f2c4074e34c72039e6420baaa0d6568396d84e644d16fce41adafde0fd50e66290df89973a0b63b4afc15fb7d2cd9b729ac3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca9b0a759c789f78df027b8a6f7602cd |
| SHA1 | fb3405c4bd1ae7ea827e63c78edfa17350ca5566 |
| SHA256 | d23af914ce2f34113ad0583b7b6a36716e77b154bb5965ff8fef144f83a9d6b6 |
| SHA512 | f11e6a5b4426c2a78f80774d31c5e462b27676ec4cd3608222a04da27542e1bdf0feaf0d2ae58a5322815d1eb7f378a9f449f5ea96f812c19e8a6d5927aa9aed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f6c3c9d62c11db2c66123bcde85d668 |
| SHA1 | 9e0a03e0bf336549fd0731d5c8d39e726559d431 |
| SHA256 | 88c4f7527ac95c02dff4f1e1ec56a1026fe2ff629be93d43e1a4a73abfb0f9ae |
| SHA512 | df31b3eb2ecae908bfeeb7344fa458bb7eb4c2559142804aaa80e43088a0b8bb987647577c72bf9ca05a9be30d7a6054f9bc9920722d4a13147f9457d6bbbb4c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3cdca3eff0fb5cfd10a4a02731577c87 |
| SHA1 | 4282f1eb1e6db400b1d96b9c2a56fff47a397b21 |
| SHA256 | 9b064b70f060cf945fac296fa247ec78aec2ec45ae56d74321b98c8cd2b65fa7 |
| SHA512 | e4b378db8cab2baddf6a89cfd49e45676769f711419eab51a491c7aeeede8212185a742138b80f93d86254ddc76869e40ec55206e9214a778cb910e3953685ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 680cf333a323ddf7a0279ddb9bf46fe2 |
| SHA1 | 9f0d6b5d3c55a3529906bd395e17ab47abf42bc9 |
| SHA256 | af15aed47047ae9c1637eba5d4bc47c5576d62c732f78b03f5ed17b2de0c73bd |
| SHA512 | eb4411412981e5568604953f29a20aabe4945516c76a083a964e1e1841ac87e8cd28f414b2d470f0e73c43821fc75752717defa569da54821306adaf133724de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a3f51d20201092e740d635e07aadf1d |
| SHA1 | 25471af27060c490a63ceab53f85e2ba1fc686ad |
| SHA256 | ab83c9367e97780c411e865935b5a57d00aa97de7d5f1c1dae52592d25ad9975 |
| SHA512 | b3defe11a9aff41b1074bcc60359443dce0e012b082e94a697f2b6451a316330b954fbf56a0973ddf9b40181e1d6db359f0d6716a53b8cfee5ebffc531efb0b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b9db9b8c55078bc82b0d0a4cb270146b |
| SHA1 | caa760c9f14fd9101fe17a50f9da67741d0d86fc |
| SHA256 | 21ce3e89238bcb49a9825b38e548aec65a37fca11eaaf1dbdc1db4262df1c9e4 |
| SHA512 | 77256acd8c70d71eac652bb9368be8484409c93e79323bf0f5e924e627d572de3703d7458df34a73231cf00b53801e995548e6c58767e07ef454d7a51fd8bf0b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b1631584ba0fdb0190ddf5a77bc2a47 |
| SHA1 | 77f0bfa63b3df23e43bff18b002316b788292977 |
| SHA256 | 1d6fcda8c8f32146238832537f1f99ef070bdb972cbcae0f3fc1aa73bcbb789b |
| SHA512 | 6607eaa6a99fbc3b3dc75ed1e20906e0e9b1c52821807f4f3578fbcfb73e0ed9489fc39e7b39e2fa11753258cd511374fd9e73ed0dab589d3c8999b0667308c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5c4902ac07bad6a515bf0fa45f4b1965 |
| SHA1 | be288dc4054a1caa386f98f385bd47cebe81e2f8 |
| SHA256 | d461cdab8a113b9e2d7dc833c29360b824746b032ffdb375a6f0d76e2cf00402 |
| SHA512 | be0887cb7bd9aba91812544e01e9389df5fde004132059e0c3e414df8610a1a941551d6aac8a25885614c8606d98c96f2e6991ad5f32013244536ee68b7888d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72e84a20a9550095372120b792a9b87b |
| SHA1 | 0cad2e0eddaec237a05f603a9ab1dca13b65cad0 |
| SHA256 | 2e9e8ce1401057441284286f078e8a0d2b1f0d44839a7d3a190832a7caa7cf2e |
| SHA512 | 51160e9276c3dea5d8da6497a520928bd4b4383a8678b416c940b36e6ebe0fddf97cb4bb7484ca43bae27c96d0dfdad6c88e968a9a70b588185809fe76e92673 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e13e627e921577061992ef53cd6d750 |
| SHA1 | 262034364ce9d5ce2fd634ba14dd356a0053bf7b |
| SHA256 | 87416ee2ddb7c687f917ab7ce5f47e55c28b7bcdca0c31ca2dc0133ba70b97c1 |
| SHA512 | cea419e41cc4a16eee6c983cc26a697a4c77c988d69bb4a0f012c6684323bf6d154748f41d007410969ad9bb44033f33e744506be9717becbe2a43519019f15c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eecae8df3441da7f37ed0faf8af6210e |
| SHA1 | e6af778fc73c7bc7aa116c4efd41bafafedcf95f |
| SHA256 | 3aacc249464aa571a0a15597ccbd3b77b5dfeb605cef0a49f8da1103f7e50857 |
| SHA512 | 9bb7b5b822ac3fd5e17887f5c77b6663aa44228b522112831d7c4b2030bc3e6eb0fb03fe8c55ce58b790c5438a0850355b1fff98346c2e440398537128817aa1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e87dd68131b0da0db781b0da75a1daf |
| SHA1 | 915e686374f8c98e714f1f630f23f64d23952b64 |
| SHA256 | 39803517a3ac4d840b28e954360de767e618ce215433aa202749a5abcf5aafb1 |
| SHA512 | c0a83bc5f4f2ff5a353af935f5642e49ed5c5bb7548d675ec71e8dae93e24e8a647c0f479bde50ff2fa532bec35d588af04d9cf8a7647c055137034d8b84a2c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 48e1b17d912bd2e829d67b7c22fa382b |
| SHA1 | 0adfbacb2732f771792fcc7872181213607c6eeb |
| SHA256 | 27004599d937fc7c19710d9adc645955a5b722b5fc9392810ed1fdf57b7271c0 |
| SHA512 | 1fee12270defb20416b9acc853f646d2932f4749cf1a3ab437bcbee03ac1f9a37b2412ad6151541d9874a37a227bcb655eb90a5b399416e28cec88781a01ad39 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 69fb41ea46b2b857a666c25d8065fc9a |
| SHA1 | a2a1f6b010d29fd2e4ede95b9ee7a861d3faa926 |
| SHA256 | 0e28a11aefd13b77860cdcbf39e99be338eedb85a1dbe1795d73a20eea4114ec |
| SHA512 | 14402a48fb133c2c9bfbb0fd1ee6ee767a8878e4ce708fedf8cea7a758482a824c27531c7e74fba8855a57bf98cf35a4b674950055af06cd729fa62b7009a995 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c223b2cd5bb85f24c6913f36e9b3b1df |
| SHA1 | 1fc4ba1f7aa74946cc3b2f4b0576e066dadcb7f4 |
| SHA256 | 1a77a0da71c1ac2f453e61177583da45a24000952c8464bf9453d0bb3e98e484 |
| SHA512 | 040ac434af304a07a07f6a82f196f439a6f1f3d2a53d0419cfe95cb8ebed5957ca11e77e1c9466d30f2c7e57117bf9404a3b8eb8403479d8588c03982c6478a3 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 10:14
Reported
2024-06-03 10:17
Platform
win10v2004-20240226-en
Max time kernel
141s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\916996da2a24e74bbd5b57a7c20f0b16_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4140 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3716 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3412 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5520 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5812 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 56.94.73.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 104.91.71.140:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | static.bshare.cn | udp |
| US | 8.8.8.8:53 | static.bshare.cn | udp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| CN | 122.189.171.115:80 | static.bshare.cn | tcp |
| CN | 122.189.171.115:80 | static.bshare.cn | tcp |
| CN | 122.189.171.115:80 | static.bshare.cn | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 73.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.73.29:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 29.73.42.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.143.182.52.in-addr.arpa | udp |
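Two detonations of the same HTML give a cheap way to separate traffic caused by the page and the browser from traffic caused by the dropped binaries: anything seen in both runs cannot be the payload, because svchost.exe and DesktopLayer.exe only executed in the IE/Win7 run. The Python below is an added example, not part of the sandbox output; it parses constructed excerpts of the two Network tables, strips resolver, mDNS, PTR and Microsoft/Bing/Edge background traffic (the noise lists are this editor's assumption, not something the report states), and diffs what remains. On this page's data nothing is left that is unique to the run in which the payload executed: static.bshare.cn (122.189.171.115:80) appears in both runs, and the Edge run's unattributed 52.142.223.178:80 connection has no matching DNS row. The capture therefore shows no command-and-control traffic from the dropped executables inside the 135 s network window, which is a limitation of the run, not evidence that the payload has none.

```python
import re
from typing import List, Set, Tuple

# Constructed excerpts of the two Network tables on this page (duplicate rows and
# most PTR lookups dropped); feed the full tables in for a real comparison.
IE_WIN7 = """
| US | 8.8.8.8:53 | static.bshare.cn | udp |
| CN | 122.189.171.115:80 | static.bshare.cn | tcp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""
EDGE_WIN10 = """
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 56.94.73.104.in-addr.arpa | udp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| GB | 104.91.71.140:443 | bzib.nelreports.net | tcp |
| CN | 122.189.171.115:80 | static.bshare.cn | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| NL | 52.142.223.178:80 | | tcp |
"""

# Four pipe-delimited columns: Country | Destination | Domain | Proto (Domain may be empty).
ROW = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|\s*(?P<dom>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)

# Editor's assumption of sandbox/browser background: the resolver, mDNS, PTR
# lookups and Microsoft/Bing/Edge telemetry hosts. Tune for your own environment.
NOISE_DESTS = {"8.8.8.8:53", "224.0.0.251:5353"}
NOISE_DOMAIN_SUFFIXES = (".microsoft.com", ".bing.com", ".in-addr.arpa",
                         ".nelreports.net", ".azureedge.net", ".s-microsoft.com")

Endpoint = Tuple[str, str]  # (ip:port, domain or "" when the row has no domain)


def parse_rows(table: str) -> List[Tuple[str, str, str, str]]:
    rows = []
    for line in table.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((m["cc"], m["dst"], m["dom"], m["proto"]))
    return rows


def is_noise(dst: str, dom: str) -> bool:
    return dst in NOISE_DESTS or dom.endswith(NOISE_DOMAIN_SUFFIXES)


def payload_candidates(table: str) -> Set[Endpoint]:
    """Endpoints left after removing background traffic; blank domain = unattributed."""
    return {(dst, dom) for _, dst, dom, _ in parse_rows(table) if not is_noise(dst, dom)}


def compare(a: Set[Endpoint], b: Set[Endpoint]) -> Tuple[Set[Endpoint], Set[Endpoint], Set[Endpoint]]:
    """Return (only in a, in both, only in b)."""
    return a - b, a & b, b - a


if __name__ == "__main__":
    ie, edge = payload_candidates(IE_WIN7), payload_candidates(EDGE_WIN10)
    only_ie, both, only_edge = compare(ie, edge)
    print("unique to IE/Win7 run (payload executed):", sorted(only_ie))
    print("seen in both runs (attributable to the HTML page):", sorted(both))
    print("unique to Edge/Win10 run:", sorted(only_edge))
```

A row with an empty Domain column is kept on purpose: a cleartext TCP/80 connection with no preceding DNS answer is exactly the kind of destination a practitioner should chase in the pcap rather than discard.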