Analysis Overview
SHA256
b9cf3ac362dfe6f27d9c4d7dc739d2d6431a9700e9d08cd3bb75f5a397cf40d5
Threat Level: Known bad
The file a238958d855b22c9b33ac6a5097febe6_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Ramnit
Loads dropped DLL
Executes dropped EXE
UPX packed file
Drops file in Program Files directory
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-12 20:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 20:30
Reported
2024-06-12 20:32
Platform
win7-20240220-en
Max time kernel
130s
Max time network
131s
Command Line
Signatures
Ramnit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\pxF43E.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424386093" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{99821971-28FA-11EF-9A72-56DE4A60B18F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a238958d855b22c9b33ac6a5097febe6_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:209934 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.a8sfq2.top | udp |
| US | 8.8.8.8:53 | news.share.baidu.com | udp |
| CN | 182.61.201.94:80 | news.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | news.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | news.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | news.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | news.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | news.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 112.34.113.148:80 | news.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | news.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | news.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | news.share.baidu.com | tcp |
| US | 8.8.8.8:53 | api.bing.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab123B.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar136B.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f615b786bf71435bb25621707ca4a294 |
| SHA1 | 7f27735443a700c121d5c27a4f86d97bc601a355 |
| SHA256 | d080bc0ba1cb31a28eebc2289fc49072ac4536a0630a20605fc8d95e40b7c651 |
| SHA512 | d40735aa5b2245ec2983f89480143b1c71cefa9c2ef5e374259ea299068e2f0ba93ef4731013312e7a3eabe75fafd6f52a1af18a49a47b1080800542cd358704 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b4e7aa4444982d2a776f6de239832d3 |
| SHA1 | 79d1c9034e02c236d21c486ff41b716c16ca0c1d |
| SHA256 | a7c1c025c311ba1a5a23a69f4c0cc13f9b409b69d22636418dc517a73f06d144 |
| SHA512 | 94723afd626c69f6f71b47b08ca705a0629414ed00fa3e6851502ff2ded25830d2c88aa18e88605421a0fcb6920c18b7879dba1e1ccd0eb9f4ea3d6772cbcddc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 28c80fe7b13321b52725caa282f24030 |
| SHA1 | a6ae92693721ff4e8cae91ddeb6df1ac45bc5474 |
| SHA256 | 4cb2b43566a56d9974bcb9cc098c25a38dc34a4835e3349ed566ed1b54fb8e5a |
| SHA512 | 29f9559c56d78423b3316ca836914721141c2ddd95a7174c7614c376f72bfcf453ae56ff281953145a07b15a2bec6a11a3e585d3c8e3185455bbe83bc1709906 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d70ad2c90caffc6bd9f6d8525d75d558 |
| SHA1 | 0d0bd9e98c7f8827553d4ffeede5b561116627c7 |
| SHA256 | 8ca7beb6e4ecab652715349301a1dac58a873a7a09dba0a702b4842705b2d99a |
| SHA512 | bd8ed10b5b750842785218de3b22d7fcf5c7aac53de25c628855608a8e49d15851b4dde42711dce428be8acea7ac5580bb0bbf1a3899e0fc59910288d2db7793 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83a04f7f993f48a69cb75afdb32ecf14 |
| SHA1 | d466e5b196d4667694733c57e77f45adebca305f |
| SHA256 | 745e20fc9352ba81589d5cd82916c2ad34bd6d868516a11241ed1aa49ab38872 |
| SHA512 | 36819c3f2602b01d2903754c819bc1f4ba7eff76520f9f81e31d0bd1db8390b7d37da4617c1626621bd85f191cee677cb8237ec74989827bfee075d414b00f45 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8d36eeb63ad871884de3f5c963143d5 |
| SHA1 | a46f208fad1660fec7b6861ff9b566ab9ed4dc8c |
| SHA256 | 99388522084f694213f31bed77ebc5b8dd3e300f8b8495ed9e0851b2fcba9609 |
| SHA512 | 17370c795da7c98c770d59c4092b81e40e56737f071a19876882a0539731b1193099461cc1b50fc93b78247be487960f943b17e74558150b9221c19fba1107f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a00f6d3c59ba621b455b2edec56a2eb |
| SHA1 | e78ab0e67bfa2b234024e4a397a6fb590e7a07dd |
| SHA256 | 7971d5c665367ea7ac52bd53706c760b643bcf3ad424e96e9f3a07d76cd6425f |
| SHA512 | dd51593426bd46d04f91fb9a00c17c613b0f12e0da0200ae5d83049618c6cd2425e45b121f83b80e904a50b2a78179b36b722dd011f64bfd35f7f6656104c6be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a74306a720458722c30d5eb9088b33f |
| SHA1 | f6b4cca7b0b802bf6c0cbb0546ac4f98d613fc26 |
| SHA256 | f7a2ecfd6ee3b6d801152f0fe0ff8ef05878d7e2a991489e3f3379f10d2a0b01 |
| SHA512 | ec412d386de1030e88a2d51f1a87d83ee89a98d996c16c3526ca437e2dd6a010c4964e4c831b3c31262158382df1604a4866d2998ada2731bcbda258fb0b4436 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4fd63921ddd266d6ab09e03b3a2e9df4 |
| SHA1 | bb6bcd24b642518d8aec80ce1339b8ce844baa4b |
| SHA256 | 228cb9d4f126b185800deeb4bac1665145b5b6d9b4de3be3e6a79b8cb0e21e29 |
| SHA512 | fd0d885d6540ab00439e74662b8a035df7448636190aa328300fa5e81732081dd7997b7fdf8385f3f48c847395e1da2811b66f3e5c400a1d949dd503b2e5bc43 |
C:\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
memory/884-482-0x0000000000400000-0x000000000042E000-memory.dmp
memory/884-481-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1040-489-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1040-492-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1040-491-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1040-493-0x0000000000240000-0x0000000000241000-memory.dmp
memory/1040-495-0x0000000000400000-0x000000000042E000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f0aea874c130dc905a0a2ba09d7f6e3 |
| SHA1 | 7ae2c994020766e84924897debe3a307f4b6c099 |
| SHA256 | 80adb9d40ea149dee64fa2ce66245c0033fba6a735a1468440241ab58f0ae0bd |
| SHA512 | d4089933f0d3639677be446de343da2502f0eb4d660c7b362c64688af56f53b0a238d353fa5bdcbb0ff2c4a9b43b78e860d2126e76c3da74c95d6e2941b26496 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1beb11fb63d87104a9a9a7658d9e50c2 |
| SHA1 | edaa7d09a0578a3ae178443b7e4b0e1b1a9d992a |
| SHA256 | 6f07314f2cc0e825d0566b1e749644ed381f09fcbcbe28aa5630bd5cfec57f59 |
| SHA512 | d611b94f865943ad63d48713fa45ee6fd858f381268b6b1cac461e4ceb922cd49e3c5746015b5ab969aee362426da7bab7a9b329d0554d1c16d457f713dc71ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a11c5299f66af80eb1ddde31f2683ad |
| SHA1 | fba76694f5cc43dde36bca282a2a6a84ba5d9d22 |
| SHA256 | a5e10e428479265d547edf6f4e357dee3524ae6444913c8c0be7a71ff6b76c16 |
| SHA512 | 61a48bbf9b62a7e955bcc561dc785ea0bbe683d535272f41078e9cd9fd853435c6bf77836055c943ce7b356c39d46089f136d686a5e4fedee3faeaa51b84e17b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da7159efa520c8cb36c765b657510a36 |
| SHA1 | 28e3d2fe04e32f58d66904e7398707b6d326c3a4 |
| SHA256 | b4414b8919dda2e8dacc940e5e032100c4863b6236f2f3e2367990bc5429f612 |
| SHA512 | 2b39258f2ca29f3cd251e5d834668892a7c294237ef352fcade65c5281b5160098e159f52d7b0a95d966f1dce2b20e61d28737c34387eb82cb836bb1e8cc6f79 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 232b65219b7c4015bd8950ceb68a5b12 |
| SHA1 | ebe795a4ba28d78c21e3700e5a5f43ee9de7bd8a |
| SHA256 | d63c0b87bff870a38d96562554323e0a00d9c64ee8febac877f0b05d58b31515 |
| SHA512 | 3754f558150c39ae0156bfc17e7f42257195a08053e20f4ee0c9d411a67070d5482b4de47d5e83c5ef1a597f3ef03459fdbd1fbb37c4d2f0dcc4b73a7ab5dc70 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a4dc0cbeec51974678417368645ef6c |
| SHA1 | 0f30c94ed4cae8d611309a0ad424ee0d3a6f2211 |
| SHA256 | b66b20ef82764472483a836297989026e6164b7da750479b7aadbcdd168d592d |
| SHA512 | 6b18176fbbcb8b8ea1b91889f369827fca93652c85da5c1b6ee8a39eb36b85dbac9efe3715073117af3b44ea9f9ebe8245a2b2ac0c02c5058acc6f247b439db0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05a6b54d9ee03f46445aa4065962c763 |
| SHA1 | df917db8a0cc8ba394617520e873ce74a541068b |
| SHA256 | e1bcecd0700e55554a8dc543039f5f24f9c3f73e2df6d2e3d0e58dc855a24b65 |
| SHA512 | 32fbcf8e9517fb6c21563f8587a321116ffb7c6ece4db9c7ca50ecb2abb00abcbb7effbfa59feb2cefb86121029e80dc98debc463236ac46160aa2258351bdc7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac7be32d0f3846188659d38e30cee0ae |
| SHA1 | 2c9ae6468e7b1199718fe1784c8c45ad2f18f497 |
| SHA256 | 197115da14ee85f522f2502674d2f22408ccac48026bb3fb7aa0daa685b89a74 |
| SHA512 | e4d411493be587ed42429ad26c4935d1d6a502d3d8b777ff4fcdfda66bbece27a199300727c27157e41d12b92da8e3fd027b97a50d84e1335a9d3f4ebe013b45 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a80e35806cbae2b2c51dc89b65b91632 |
| SHA1 | 2eb2a6b00a1663e8f13743798676d4c72204b124 |
| SHA256 | 094ac64d619a4f0130013b3e14b7459df148e7607429ad8b6f5bd1905c6549f6 |
| SHA512 | 7a91e7e075f256d692b8e915ba71f254186d58099e2a87124fbd40637577d68c0cdeffb914cfde4fbd61b9ad70dfbff1ff9f7b80df0c46a60fd778cf30b466f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b86a0819dd82204ffa3096c031e6e5c3 |
| SHA1 | 0fd59ad4d48ac3f5bb70826bf1cf30eca92df1eb |
| SHA256 | 76296cab1b085160ec5eb2d7deb3f1041f0bd16ae5a5247ac614cfc824464765 |
| SHA512 | 780efbf9e5bb98f66a16be04f7ea3260676d6d44d3cda7f1a186c5b81e57c77cf707e056d527fadec50b49ff4fa8e078794a1a8275d8713a73875cd95abea97c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 20:30
Reported
2024-06-12 20:32
Platform
win10v2004-20240508-en
Max time kernel
139s
Max time network
149s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a238958d855b22c9b33ac6a5097febe6_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3924,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=3996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4764,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=5124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=756,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5368,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=5456 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5380,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5852,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=6260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6048,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=5676 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.a8sfq2.top | udp |
| US | 8.8.8.8:53 | www.a8sfq2.top | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.a8sfq2.top | udp |
| US | 8.8.8.8:53 | www.a8sfq2.top | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.a8sfq2.top | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | www.a8sfq2.top | udp |
| US | 8.8.8.8:53 | www.a8sfq2.top | udp |
| US | 8.8.8.8:53 | news.share.baidu.com | udp |
| US | 8.8.8.8:53 | news.share.baidu.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | www.a8sfq2.top | udp |
| US | 8.8.8.8:53 | www.a8sfq2.top | udp |
| US | 8.8.8.8:53 | news.share.baidu.com | udp |
| US | 8.8.8.8:53 | news.share.baidu.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | www.a8sfq2.top | udp |
| US | 8.8.8.8:53 | news.share.baidu.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.4.4:53 | google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |