Analysis Overview
SHA256
5160aefc9ad69e77163dc12c3a17ff69598584afbe8ec99c4026fec27c26bf8c
Threat Level: Known bad
The file a9c3ad05150563475eb1e641c9d41ebc_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Ramnit
Executes dropped EXE
Loads dropped DLL
UPX packed file
Drops file in Program Files directory
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-14 12:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 12:50
Reported
2024-06-14 12:53
Platform
win7-20240221-en
Max time kernel
130s
Max time network
131s
Command Line
Signatures
Ramnit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\pxFD52.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424531314" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B75EA911-2A4C-11EF-873B-52ADCDCA366E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a9c3ad05150563475eb1e641c9d41ebc_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:537614 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.5rybo2.top | udp |
| US | 8.8.8.8:53 | news.share.baidu.com | udp |
| CN | 182.61.201.94:80 | news.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | news.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | news.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | news.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | news.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | news.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 39.156.68.163:80 | news.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | news.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | news.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | news.share.baidu.com | tcp |
| US | 8.8.8.8:53 | api.bing.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1CF5.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1E34.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a7e2ad6cb1e633317a54e6576a204a5 |
| SHA1 | f4d7a8da083a31e132b28c9aa41e6143df9ff016 |
| SHA256 | 92508e7351295eabe38a52bd4ec0e9394ca179e60b99f46081c69c5a8fba46a9 |
| SHA512 | 5c3d01966a0c8bd5f18720e1033da2b5a9af494e7691f275e3aa5e12c2b7abac4f6a4b159c6d7f93ceee946dfcc58d67462ff4afa9d232ecf552d6ffb1784a89 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a40cbc58d5c2b2ac6f3390028f69406d |
| SHA1 | e0dfd78d746c5e94fb03b81702d94238799a8733 |
| SHA256 | 85e4229e17247376f296d8693ae85b274effdd8062ad16db9dc34b3fdfa30735 |
| SHA512 | 369e1d55a3bee0a740eb1bf692d6dfcdbc5a632e1cf2edb560bfc09c25e390697a9e47499970ec4765c4f64cd66f1390b8e412b014c76bdc56ca0d76bcd71d1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7dde2fa848f245dad15be59c0cab9f5 |
| SHA1 | 713f07706e9d4c552ae84e0ce5f18deb49555b8f |
| SHA256 | ffa14e302ecddfc45c60e3f4eaf13414bec9f8f3af97252ef31cfd2075c7443b |
| SHA512 | c6599429e8d06c9b9d2f098f80aab9616ad47fe4fd60c4df6565af185cf43ddb8b49ad0225b0567ab1482ff2411d22b138841fc95d734a76262a4a8e0e58c14d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6c8c745861a58e2cd9837f1518004d2 |
| SHA1 | b3146b9e7c266d2c9351e6abc2ad253d243d39e7 |
| SHA256 | 72bf3d3afa2e13c0171fe6149ba96225fbeb0909e07490ffd07728cdb9dae6d9 |
| SHA512 | 226a5e84e3d3941df4f65e0ef81bfd16f7dab684c777919c7d67d998345bd039c4ab40e235a5a0a00e3db30bc01fd7ab1993f87319c46f0276e3af1195e029b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b101016b464ef82dd894137d4c1b9532 |
| SHA1 | b04e31f065685d700cd872bdd8228f7c510957e1 |
| SHA256 | 775d97b85d0b3601cfa9ca7fd7ff8b285e13f92589df92aacab0a14ca4bbe5d8 |
| SHA512 | 593f65831dc5216f4be930e94ecd0bb4d75432255127aed9a11c11f48295bdb02b8e889e8d52b5570f979d3618fffafefbb5bc7b27c8c8819dc44bf7a40a2bc7 |
\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
memory/1504-481-0x0000000000230000-0x000000000023F000-memory.dmp
memory/1504-480-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1504-484-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1708-491-0x0000000000240000-0x0000000000241000-memory.dmp
memory/1708-492-0x0000000000400000-0x000000000042E000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c9d30d62ef957fc32806fe300c9c6b6 |
| SHA1 | ec75dd90cfed07354761d294267cea9e3504ef0d |
| SHA256 | b6e7d408d01490c8d49fd51be33931950b989733523a913fe34486b8632723c2 |
| SHA512 | 91288f0000f1656c4fff0f1bdcd839f814a265739bf266cabb582f6342cadc7782719801dde8cdf4993a8438903e246994d9ff579c2a42b55240ab1c1f8535cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 396cd4e17230dba28a8edadc530dc45f |
| SHA1 | 921943a5c6d8a161c9dce850beb8e79b6cff2365 |
| SHA256 | 0ad86068dd8e62357a97989cb4ea249abf0534a1a480317eb1ef532004f606d3 |
| SHA512 | d3f26a36ea73a7cec059fd972fa1547a880db23bd286922b4d8781d98b1af81e1d4d38fe7c25656e2b562d67c388a4f31c0c81c973c18e146c4232f5e725aff4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0df4c3ca10a1d1598c0bdeb574bd2445 |
| SHA1 | be39a9b6a0cb070f9453010a852a9c4745436168 |
| SHA256 | 1ed6983fdce2d10ddd02bce9f111e811f5e4d2d714f79f7eb5eb0e351f343133 |
| SHA512 | 3d2f56f78a6f1a286cf389e6a7cfb2a98da5739f7590a0fc38bf7fb8ebc3668aea8b088dfb27c42b24ee1ee7e39fcaef3ac7c64626d28c9220fa63861ba86259 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b319396d7b4bed8c7ae7b384acf248d |
| SHA1 | c5c098b5ab44ac7ce056385e3bc85f4ce470e65a |
| SHA256 | e567ab83b129dbaed1b867db6993da1ffedce5342d16636ff330bfcfbb15ccaf |
| SHA512 | 77f753c41d81a3374abf9d9808fdbd7e25dae0802ee5e20f40d522d933d4550e5f2fd82232b6676fbb9915d0c7ae477c4fcd637850d64a113516e8e3900a3410 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f435c00f29884cbc632d1d465a89663 |
| SHA1 | 7bc8975974943e1579a7672a9344384ffb88b152 |
| SHA256 | 58fe0a4e6e214cd90579e7cf533a355629afeb975f7c6a8b7fa4159e56e7fb63 |
| SHA512 | 6cbdb02302bc3c4ad641c7973d654153b9eefc59f8346abf2488563607abb836b0c96a47ff5e8acd7c399a375405913a975d70221d64f2cdacde43c8f8181f51 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71464147adec2f0ae814665e1c2ae93f |
| SHA1 | 2ec9e56dd6b3c1d728a2c8e627ed953b04b42097 |
| SHA256 | 0583ba915888365369a19b5d4dc27abd2c8837cc0f968a72b1c44c2f2b768aa3 |
| SHA512 | 23d9b31a0558a1c5ca60cbe745169f53b798b665de7369fdf8d997e1e5183ce7ebc21d78b686ab74223adc04cfbaab7cf82d47c8a636cb83c91ab4dc5a6e140f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eb39602971b8fe1c09eb9059a2693124 |
| SHA1 | ac0dcf55454e1aa8926688808e6df69d0f01a331 |
| SHA256 | bdf0199057af969bb47373eae9536d960809d0b2fe91afb768b0ff7b6ac4d4b5 |
| SHA512 | d80c89650ae8840fbf4e8347e97c8ce2200838296fbf48cdce9f4c44af02e688d663978d5b772ce3bed722f5eb81753caae077b9245246e18c2b8e44e946fec1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09fd076b26160ff7b68e1e52175bcd49 |
| SHA1 | 95f07a40f9c1cc859363637ab7604e50b220fada |
| SHA256 | 26b0f1518ba760f0840ed579d08b29ea3ef8c8e00d56eb8bd3ab40610be190f4 |
| SHA512 | d027c5f3719dcdf4aef69468c36f08fdc20d48f466cdca5db8f9c437dc9de786542a3f58acca9f6c2d262d6a86fff5a8769f709e5a1b93e87813b8eaa63ccae8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a9048b3c1c026fac845f0591344f87e |
| SHA1 | 0bba912c141b8a0d58087a31d14942e741a49eae |
| SHA256 | a45bf874ec5c021cf182fbfb1fc64fdc1a0b2e6626e81a27f11f8db9d9b09c36 |
| SHA512 | 8ca2cd9e3619476f95be3ef6f4dff70dfc4b209b022f1a863c51fc2471c50a621403055ba28dad6d185b3eefbd51de38c4c8e62e93ef4a2b82e6c58c38976de8 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 12:50
Reported
2024-06-14 12:53
Platform
win10v2004-20240611-en
Max time kernel
128s
Max time network
138s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a9c3ad05150563475eb1e641c9d41ebc_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=4436,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=4920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --field-trial-handle=2212,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=4940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5364,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=5388 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5372,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=5560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5376,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=5552 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.5rybo2.top | udp |
| US | 8.8.8.8:53 | www.5rybo2.top | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 23.73.139.50:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.5rybo2.top | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | www.5rybo2.top | udp |
| US | 8.8.8.8:53 | www.5rybo2.top | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | news.share.baidu.com | udp |
| US | 8.8.8.8:53 | news.share.baidu.com | udp |
| CN | 182.61.201.93:80 | news.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | news.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| GB | 52.123.242.9:443 | tcp | |
| NL | 23.62.61.177:443 | www.bing.com | tcp |
| GB | 52.123.242.49:443 | tcp | |
| US | 8.8.8.8:53 | 177.61.62.23.in-addr.arpa | udp |
| CN | 182.61.244.229:80 | news.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | news.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| CN | 180.101.212.103:80 | news.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | news.share.baidu.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| CN | 112.34.113.148:80 | news.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | news.share.baidu.com | tcp |
| NL | 23.62.61.168:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 168.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.173.189.20.in-addr.arpa | udp |
| CN | 39.156.68.163:80 | news.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | news.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | news.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | news.share.baidu.com | tcp |