Analysis Overview
SHA256
778f4353c46facd9efe98b08535bff60b9065e17c617ae724db33e60fa5caf28
Threat Level: Known bad
The file 9bfe35327fd4bcea56811c342e623cc0_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Ramnit
Executes dropped EXE
Loads dropped DLL
UPX packed file
Drops file in Program Files directory
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported
2024-06-10 21:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 21:30
Reported
2024-06-10 21:32
Platform
win7-20240221-en
Max time kernel
144s
Max time network
149s
Command Line
Signatures
Ramnit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
UPX packed file
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\px8150.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\px823A.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\px7FBB.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9bfe35327fd4bcea56811c342e623cc0_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:209929 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:668678 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:799753 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ym2gk.cn | udp |
| US | 104.223.228.55:80 | ym2gk.cn | tcp |
| HK | 103.233.10.189:80 | 103.233.10.189 | tcp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | 42bacbdf56184c2fa5fe6770857e2c2d |
| SHA1 | 521a63ee9ce2f615eda692c382b16fc1b1d57cac |
| SHA256 | d1a57e19ddb9892e423248cc8ff0c4b1211d22e1ccad6111fcac218290f246f0 |
| SHA512 | 0ab916dd15278e51bccfd2ccedd80d942b0bddb9544cec3f73120780d4f7234ff7456530e1465caf3846616821d1b385b6ae58a5dff9ffe4d622902c24fd4b71 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-10 21:30
Reported
2024-06-10 21:32
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9bfe35327fd4bcea56811c342e623cc0_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5772 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5132 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4820 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5876 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5996 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5760 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4780 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2144 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
Network