Analysis Overview
SHA256
fc69bec31c06b525fb315ab32a19603485d9108414969bed932164beec62503e
Threat Level: Known bad
The file a2148bf29ef3c45cb151a313afbcaf07_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Ramnit
Executes dropped EXE
Loads dropped DLL
UPX packed file
Drops file in Program Files directory
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-12 19:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 19:54
Reported
2024-06-12 19:56
Platform
win7-20240611-en
Max time kernel
133s
Max time network
129s
Command Line
Signatures
Ramnit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\px18DE.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000a423eab4cde7052270da8072f3a3a40656e77e6c9ac39a68ddaee2763da58eb9000000000e800000000200002000000085c5331f863f7dca1238ad3aabbd61c257bff0fa483dc32838a421806ac8de64200000008f56c027927bab9aa22a1cbb248ae2f1d072497a90d152df9d97a30d998788f34000000085838f500bd733bcbe7019ecd0d9d4f8fecf082087b3178d5f3092e3144ff2d98274ae109004fc8e75203a074d83cdbc0eecae4500856e5142a09c4fa7889580 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{858A4281-28F5-11EF-91CF-DA79F2D4D836} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424383912" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000006be57b42037d473f2b201f9800a8a7fbcc66ef82b8a734c9f7723bd69bf455a1000000000e80000000020000200000008fc75f30ac32a8b2b20be71ebec8a761657862965e9197c4d4755349b56fc565900000000311cbc6eeb192ba75f12c43637d0ba826fccd80a3407ad002e3b8a65448b2d9808825598bddabb3f3c464582a2fed9785189dd4b8411ea30730d1ff656bae25a217d0af1917f2aac969c1671c2a9e0da67b4d4f60d2b6fd49ee2b385e1bf0ce61543a11107979cd0fc1c8ca6b95a008b629e922af27b53210ea1a8c8e5c26b2320c8ff15bc5c27d74eecc7cbf1e400140000000bee869f7bb266aadbb8cf3712931abd4be4a0e72bf9de4ec8a0c3a86c78a8cefe576adf1294e67fa983285da6db01c8d43c98b89b9f0d9f908da5c9c66c7f92e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0245f5a02bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2148bf29ef3c45cb151a313afbcaf07_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275466 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
memory/2904-8-0x00000000001C0000-0x00000000001CF000-memory.dmp
memory/2904-7-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2900-15-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2900-17-0x0000000000240000-0x0000000000241000-memory.dmp
memory/2900-19-0x0000000000400000-0x000000000042E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab2DC5.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c846e816572cb8288ec78583b8e11334 |
| SHA1 | a9f2a7e0443f48bea4c5c9d080ec500d20a56e5e |
| SHA256 | 84c4341cf91e614884b718d925c07a223fb15971cc0dfee37d3aa0dd4047c3ff |
| SHA512 | ba63db28e1376a4bf1ae8f1eb51ae96b2e3f024e5720b2e2c3a9da508bbacad100dbef2471e4eba171a8f0264f8b1c7758715eae68289e141db4d1fc1be2fc7a |
C:\Users\Admin\AppData\Local\Temp\Tar2E7C.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88c15af9510ec7d859be878349ad287b |
| SHA1 | fe944619559c09f467833101cdf9677b2450e93c |
| SHA256 | c33b9e2b9e46d4e745bf3a067dda83dbb252be2dc9d3719e2b6aab5f3ff84329 |
| SHA512 | 568b7c8a1ffde98e7935c923e82814d996ad026511a9163f8819ecfc3b6965fe8845301c23e54897e9faec1ade725b95716ae6fed32441a62a98f2504e943306 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dbd278f8f89f147cff6b234e54bfc85b |
| SHA1 | e3810393b7eb6ff2705f79bd3c53ed24a6f8ee95 |
| SHA256 | ad4e9fba89bd6b1c61c39025642860af1fd0b90cb7602cee6b25175e2dba1d18 |
| SHA512 | 04f26c674084c37769dc305a54e93145fe431ac46390716207735e317d5a81be0a3e835e4ca32c5067e58dcbe1a59ce23e1b8d23147989c6cd5265318c2b9597 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97d8757dbbf7a49a83c4e4028383a290 |
| SHA1 | f9b39dacf52bb33a6dad48a23637dcace63534e3 |
| SHA256 | 82b6bd25a750dd57e83aa386218d6717b7ed7199968233b58334ea5a84cc5128 |
| SHA512 | 0df3f60059eeeaefea8a3ff0016401e5aa8048b35467a4a7cd1d74735ec9c37a53536a6d1ddf8d82fcef6f10cc6a2e285d2803aec96fe50b7e24122de462c347 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7aec5875851bed20897b86531ad69fe2 |
| SHA1 | 94271a44795d4d0cf44db18155392bc15f3a5cd3 |
| SHA256 | 972dc55bd2599a825c4760cfcf0cbfbe7f0936de577dc918a38b53185b709804 |
| SHA512 | 52e99215732ccad198799a68a9a6975dfeac4526b28f008c3578f798eca7faedc4af52741bdcea55d5c9f10bd663ec23ff334517464ad4a288af94120a5498f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a20d589c30582d5aa617c45974f78e62 |
| SHA1 | 5bca73624b7dec75f2e7e495533a56b26f3d2ae9 |
| SHA256 | 20a3fabb8416c77c3b8f41260ba52a309570ef78603f11999d0de093990c715a |
| SHA512 | 3e9ac7777ec693e6c4c77ff15b70c222e46829e346a2f1deb4050974112f0dd16a9226f9fb19c6d44c15b0fde1b60e03d322200aed2c37b6541feccee0fd8af5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71f1b7946d21f0f7f361a96aa578c02f |
| SHA1 | 65073dbff32722d0574727ed17c9c6c0739a11ed |
| SHA256 | e63cfef3631788fff5a5e9eedf315efc7d44c8d9474edae1bdf00f1efe3b4f26 |
| SHA512 | 4faefb73d35b694d289a43a13d5d594e5d6d499e080a1ba01b1c99fb1d9805d1fe72fbd216ddd2c6f0c25ad1626709765593301fc8205b97e2891b78e9479c61 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38574a85caee272d8cd66f6f8a5ddf5c |
| SHA1 | 6417e5d38192f4baacd909486840cd4dccd58a28 |
| SHA256 | bb28fe5f7b469d9b14910c5de1f74e141b8efd518d4b308a495d7d49f55c69cd |
| SHA512 | da75cbf79802df38dfb9ed880ec3706307b15d4665331a957aec54e7b14b7243580169dc81dac875eb52fafdf945147465dac586589879dc896fa045caf72144 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc7473717976a447136dc9d26e7878f6 |
| SHA1 | 7c3699b732292d5f1fecf015cdf8059e39113a69 |
| SHA256 | 39db684a886947deefebbafed1b219ce1686db4bdd805548c3ee448de92a8a73 |
| SHA512 | a20206917a89cad997b2933e658087950f3f8899047686b6061a303b23de9f2f83442670fbd4525a0e857586b15c2635257c977d80735ebecd8f0a19e7b6a8dd |
memory/2900-400-0x0000000000400000-0x000000000042E000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1ca356aee580d67d7c8862431bc133d |
| SHA1 | 4ce2bbcadc33079210290b266cc27e600cb38aee |
| SHA256 | 5b8dbdc64a9274ce6aca496625b6b980ab13ad59b5577d296af22419d5f513d5 |
| SHA512 | 78d50a6645cbc49189c34e49cd966d188f6738ed37894d118683f1c1823b2251987996730e9378ff76e6441770b5e5012c082e272e572ccb0ddc4ad4e8b53a0f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 47926c673cdc183055fd6d3016e189b4 |
| SHA1 | 805987391db360aa57eb6511fb26d2df3a8733f5 |
| SHA256 | 697dbc119330d6da26650aa700472a94ae023eaf5ec84eaf261096eaaf620d5e |
| SHA512 | 7d7fb36523317e1e6d4d2e8e414cc977df5d2ea690f23a4fa6fa42905d9b807bf79123c013dea584c606fdf6309b139238b05841185b8ee5e0a28d635c764ab7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5625ca4b0c89df30d44e791d79514867 |
| SHA1 | 303e3789dcbb540b6bc3181ae148c476f898ea09 |
| SHA256 | d4e948a53a745f0e1ad28f46053505f07a388066bb238550dd3939db2b1ed3ea |
| SHA512 | cd180a11225f883cfff4b98708314eba95040f235566419e3c409f04364879507e91fb24a4e77fba3c69774505bc7846afa3b19daa34cb5a91aa8f864a748dd6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1dd937b40a33ec47ee2f13053817391 |
| SHA1 | 9e4c286b50f6037f68acdc29b7fe77d0cb72ea4d |
| SHA256 | 118050fbba014189f22ba0a00b2745175a8fa7366cf79bd45a03bef9e2b3a5d5 |
| SHA512 | 884df0f37f48a0494c8e2ab437db019401a0e53bba4a1eafc6ea4e37b29f956dc7e11f3814c2b0a684ffece631b9301dd8764a6223f29070fa296e04392d9173 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d8f0625b94a34eb3210317b37a43c88 |
| SHA1 | 81654e7a58122f1cdf20e7b3784aec2428c25af0 |
| SHA256 | 4306e1ce666906640035228f6419f25dd833318ebcf1897573f4d1ac06dc7445 |
| SHA512 | f2daf7a2b20cde48cb8df6a6594f48340ad45f1259ef0900292c691e8a3cd2ec495e6c6346783f94b4e8aad214c39083547466b59853fe2aaa32d542ab9b875a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07360ba4bd51743efac089f2a5478d8e |
| SHA1 | 243238d64a22c0f0e9734d27368b65711155d694 |
| SHA256 | 1dcd40039f2dbad421123cef58fa80a261a4e59fa5159630b04b585f4b870ff6 |
| SHA512 | 165afdf2aa897d27700f069635801fd3180734d4d8aae8ea0333bfecc3e27269857cd58608444b99e0509f11abae6fc722ca20a0063bb8e68ca9cd01144e8fae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c109a16dd136ae31f3621479e28266e |
| SHA1 | 557d78cc2134aba7f5a853ed553bdc6ebcf9be2d |
| SHA256 | 6511dc713c9314750ccaccf27fd731aedf5087bd9add5fca75c50020958423ea |
| SHA512 | d3ddfcd595e2fe32aa31fc0c53b2f6385a2dd51654e4197519ef5e3f81dc51ba6865ba71e288852c95863880f6a0e0907faad8ac5bf9559189b856333463c282 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 66c0a48fe6f7bfac6d182ad45d8cbc7d |
| SHA1 | 91fdb5c6c935902a7f8cc2b44f99eb8d5dbc702e |
| SHA256 | 6b4d25fc2d5e24af52da53d610c4bc8e3694260df37ceb3f23035769060605fb |
| SHA512 | b68575a8b63dea2b60a6b7d72c91844d27c840dbe8e20f7a161b1dfca8a422f4a42fa7e60387dd689af8d1f5f73bb0b5bcdc27d8421f4c1fe0c28e1167473a1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13cca81030bcef7ec34731ecc31c9014 |
| SHA1 | dddb8b9a055db74cfde980c749f580cf84b2f148 |
| SHA256 | 12e861b96a2cc86187e0438df51a11b94e8eacf75ae83b3a8fff6b152ca65eb5 |
| SHA512 | e0e042d16fbbfcca5a6772da95cd5c855a432eb9627f459eba26fc9137827f12ebe1fe44b35a6487ad109de675c79eb132e15e2e08750d604a7d2182eac94c88 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a9ff4be6d08f14f986236c4a58a2ddd |
| SHA1 | 3f4511c279d6b764240d26c1c8887f28d829ed9a |
| SHA256 | 2c3ffa570219c871f8cf3e6a350b51f50caece0b00ffc3d925651f5b24e943af |
| SHA512 | 08c55eb5ea7163bdbd80c046eb418ad8e12ec175e5ba7fdf309bfb749d78fd3266f27ebb05911606d8d3eca492957b0ec51041530ae42a6fbe4c875dec523eb7 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 19:54
Reported
2024-06-12 19:56
Platform
win10v2004-20240226-en
Max time kernel
141s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2148bf29ef3c45cb151a313afbcaf07_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3708 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3960 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5392 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5488 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4584 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5372 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 2.17.251.4:443 | bzib.nelreports.net | tcp |
| GB | 104.120.141.176:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 205.81.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.244.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.141.120.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 52.182.143.212:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 212.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 160.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.80.50.20.in-addr.arpa | udp |