Analysis Overview
SHA256
8d3d4bfd6e6e7574b885feb4a2f7feb7f25f4c5b7923fc4f3cfe7c316bcf8180
Threat Level: Known bad
The file aa1905f984132e1d326c1fbec2e58fb1_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Ramnit
Executes dropped EXE
UPX packed file
Loads dropped DLL
Drops file in Program Files directory
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-14 14:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 14:09
Reported
2024-06-14 14:11
Platform
win7-20231129-en
Max time kernel
137s
Max time network
121s
Command Line
Signatures
Ramnit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\pxBA89.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424536011" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A7849CB1-2A57-11EF-BF0E-72CCAFC2F3F6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000095165d8e64fbaa41a4ae0dea289ecffe0000000002000000000010660000000100002000000022a8373eca90b5005ddaacdff7849be8f017d5f394f2367200650abb0062b8e5000000000e800000000200002000000019dcaf4db6a706fdcc3589baa3e051271c98b3dabe4525d4b8893733fa56c9a120000000250b46d90cff47270ffdc3c58359e4cb18a734e93d3e2195129a72da940e11df4000000040f76d072f0e6429753019bc1e92e31d9377b72bb714b9f53eba843d23cfd7464c0fb7b95c3a204f9491bec7515df12d4e13c9886305d4a9f275eaa24bf5d87f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0166abb64beda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000095165d8e64fbaa41a4ae0dea289ecffe0000000002000000000010660000000100002000000098f45d13be45d8a7757ceaab44823b46a6499d0f875f6a23ea7b75d9d5dad0a9000000000e80000000020000200000008558f0a36b24309763bae46e50f1e13e2dc6aa2aab1495add94f9ad66fc6c2b49000000073552b97e8a0b8a9988e39ab891e054c303a170c90e1a31beff4bcf5b0389df50b5e7a590ff8958304fbadbc122b308896aec664392556954827e1c02ae95cb55816ab7459315e6a153c19cc08bcd3c21ec804563339a717a68057c6abb6aa44a34b85b89d27d9d83fdad8a8045ca38d8a5a90d94f67e91d5cea866e6c918fb13f81aeaea7d9874eea14d866ac2929a440000000624bf5c497315a700253963080eb7ee7cacef83a6c6d7fc28f33621b41bd33767ed75ab48ac5ea5e630f385926ec278c8ba8d99b0e3dede211ec0d70d1b9296e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\aa1905f984132e1d326c1fbec2e58fb1_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2924 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2924 CREDAT:275469 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | siteapp.baidu.com | udp |
| US | 8.8.8.8:53 | znsv.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.226:80 | znsv.baidu.com | tcp |
| CN | 39.156.68.226:80 | znsv.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.226:80 | znsv.baidu.com | tcp |
| CN | 39.156.68.226:80 | znsv.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| NL | 23.62.61.106:80 | www.bing.com | tcp |
| NL | 23.62.61.106:80 | www.bing.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1C6B.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb468efbdf67abecdb24119bd3d41807 |
| SHA1 | ff7e212a87bc89977232f9d28885247015db35a5 |
| SHA256 | 0152936d6f03ef64356e99254b5ae8b4861e85b1c6efcac7de6f7b8f16c56696 |
| SHA512 | c417a73db46324d8b28c48f28677b5027f70859fc2da860eedd749d7c0aba2226c9e814884ba07ba19f6ffbfcd025a6320d9280a1d911480a8ce6c2dfa4bf6a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 30bf785943d2ff94712c3de32c2de5a5 |
| SHA1 | 0de00f10e8ee5a1a824ba045735664084f440813 |
| SHA256 | 79a9073e93ae82144ea73f48338c01ac1383bb5963350c7dd707d0368e4a9463 |
| SHA512 | cfc724b012da465f36fddf8ea4e1f32ef052ca7e6be749dd03840e74351390de7c85c96fec57542d8fe408571c83f41f16e485af499fd19a34145f372d0a5af2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 2b1d4d03ede87322f1b2bb7ec3083bda |
| SHA1 | fccd060a7deec7dad06d6eb8e752eae20a8e25c0 |
| SHA256 | 2aed4bc1eb8f3d7438c6a418fbf05cabb65ca1086b14e01df64fbfa2d48b9f34 |
| SHA512 | af1eb2affda805a66dc1f2c8fcde3b4fb56fda46d6b9239d0de5a352e609c10c23a65efe2c4f65ad348b578c5a48ef0e8a104dbce8e6612fea0e8fb1c396ee28 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89c8cab23f2c401035b40524ce8fbcc1 |
| SHA1 | a3c8a72df252ffc7f0e66f38e0c19e1aca5d1cbc |
| SHA256 | c681556fb149934c63896749709d73e711ccb37fb674e21c51a470fff7d595bc |
| SHA512 | d516e6b87d31b3caba3c1f2ef10a5db63ee933e21a997e7665906cade17396c97dbfef91a2e29b8c660e1ec153847aae6682d979df7b25997805c43a65d5bb13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d321d9f53e2f019b4f3bf4e1a3450d0 |
| SHA1 | 0d3b1af4605259228b85818786193b283978c8fd |
| SHA256 | 3b759d58b9d360b072ceee2272f580ef09b8249481784937c8b13b0ca6bb355a |
| SHA512 | 98ed161b12800ae2f2d29d7c5ecb73610e7f9e5af5f86374d55ee87b07da1725c69a8726d232875157655c968e4548a8bfaf4cd315f29fb04d6a6390636b39c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7bcd862bc8986f1356178d07bf4582f6 |
| SHA1 | b11b918d7c445f013ec09a002c52f5f1169b0458 |
| SHA256 | d1c6c2e6c9b19ac552a6dc9b86f458bf69f6e9ac78ac7932049704fcfbf268ad |
| SHA512 | 9711b71ac5763c456811023f2b3b89a8a0b07183b6ab49e3ff508654c4c12d1104acb237fed03c1c5cfcefb850118b2640f812d3934bd022ab7274b47c3e0f39 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c68239d1fe13036d4c89f62d97600af |
| SHA1 | 3e81d80d89f3f0b44e66ed56570bd8651f833a76 |
| SHA256 | 8d7691635646ad8ced99bde9d73364fad6c55953fc6023ce916f18daa0469c3c |
| SHA512 | bbe30820bc74d1127915657e5632421d2dc143bb8c253821165bb3139956ea05a5992c191418015b8285154b89242f6dd97022bad44056cc1216f472d0bc6338 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | f850074bc1a3e0ab9947a6f593dd55e7 |
| SHA1 | a402e9fe84c8725259304803bf26fd2ea7f04be7 |
| SHA256 | 83acbc983b684021a2ae56e7642b89334f64795e5840d55d0121d86184aef796 |
| SHA512 | 19a28df58ccff97380a0a8d672d5dc31f5b83190c7336accdf12705571d9a28ed6617d64cdb60d61824d7974de1e5a35f58f5657731617ce937b6cd98686fc3a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee62a5b6886da17a1d888b9a5bf65865 |
| SHA1 | 4e4934c0668a3a2f1c8fec054d89a698cb4ba0cb |
| SHA256 | 7dafa87c750f4878cc5c1fef2e6d857d9e13c877a1b38e7c521fb153105247b0 |
| SHA512 | 06ed604e0030c85bdee171a9a406387404fb90c50821aa8ff60368f55bc2a192e941247ded6cb2583260bcbf48ca9f76b251ca096c3a085456977ce88dcfe697 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0569287894294fcef6cfd74d8d376717 |
| SHA1 | 81e2b4f1ff5cfd3ff2f2c05e2cb77da275abd359 |
| SHA256 | 2a3b0fb4c034d06c3c27feaea55830c2e3aba583d17508863b8d67a9a14c73fd |
| SHA512 | 2594a02f1bb06124a29553619488def09ea99812183db6dd1552d075557846190a6c5cdc6b76c9c4a7459a48757a4d15065934acd897d0c613d214c8404c944c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7aa0604b8b04303f20ffdd3a8a1f4f3c |
| SHA1 | 1a289b47da367fc974c1b1749078da5f9e07cbda |
| SHA256 | 73e562cfa3f871824f303cea342db54f09862d984c5e8c6eebe89c258d624ff0 |
| SHA512 | 5a88bf11836098fd7c50741af5d61ff1287d28131bdfc3cc3a885375c9abb4a396716d81404321012e14600269167268c090b11b5a62326d89525611a1aca146 |
memory/2588-576-0x0000000000230000-0x000000000023F000-memory.dmp
memory/2588-575-0x0000000000400000-0x000000000042E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
memory/2544-583-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2544-585-0x0000000000240000-0x0000000000241000-memory.dmp
memory/2544-587-0x0000000000400000-0x000000000042E000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4537db98950ef13031195ed807fca4d6 |
| SHA1 | a31d5200226c7cc8fcb71f9de59257ab8fc341ee |
| SHA256 | 192cf958dac1041b29905306a9a5f72ee09ba0c20e577537c5ec5108bc5883ac |
| SHA512 | 066e8a84a2243657f7fe278fe44375ca21fe82f1ad11fbe9e2f99f05746304ae43c43a3a2ef3e274033fa73177b4280547f99a5d69734ceedf2e43cfa5d0db9a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f5188bfc7defd2976f7b41999b34332c |
| SHA1 | 3afadfbc075deaa96344e7851aa5a40b2c217f5e |
| SHA256 | eaa6711c56651d3cf9ad74f65319531097f004697b3ac878e9acb09a7e468e19 |
| SHA512 | 15e2f70470cd269d25ecf5e4bb610d2f2ce26fe9ee7953206ae10f9bc5de6c5a2001690a00ebe4469c04f8f768f104c9f0b8fc0635862fc82cbf2b0887a13151 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09b4085c53081a82c306c06a88815425 |
| SHA1 | bef8549818fbd08328f3bb75937686d9aa757f60 |
| SHA256 | 4cc049bb3a2bb38e5e5b70f596f44ea05ee418a48bd165f44f0511f714c6e14c |
| SHA512 | 81be94bb601ef8d4a69d3f8c82a9ac842659c489b19a307b2370b0a66856325ecd716285de155c1fc26f23d4a2c415b8bcee97b09fc8c2f0c3b83ed8a1879542 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d74c7649070b92fa1c7f55c87f286f5d |
| SHA1 | 8258a63b3425ddd2150632c938d005829d8660ce |
| SHA256 | 591d6c05cc2ec4b9205b7d1970d79d899f43815b56357a8eae6c1e226c8f3112 |
| SHA512 | 91d33ddd59f3cd0c891c87e4b4d3cfffb910fb3bf48d73101cacc31ffb35bd9d05566d2707db5236995801b37c79eb5b956b61eccca766aa54b5c353bfd6697f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19cab3b244d7b0b80b6128ca31ac0d8f |
| SHA1 | 49f91372c5b0ccfdfca423d02137ce39b8f60260 |
| SHA256 | a7eed0a4874dce304d8e54736720074d126f69e9a28fc06ecf2839e18a11a989 |
| SHA512 | 52526662d63e8cecb401680d12c1a81d227785035c72fa1b3b8371bcf0a52391308d064ca195a297859e1af8889954b49f60723331e2be4e37174d89ceac3928 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 082ae9f9dd8f95e4b8253cebaf04ece1 |
| SHA1 | 9272c62f523de165cb3c98af9b7456848097afc6 |
| SHA256 | dfce99f2000b0ec3ebfc33654870a36abf86b04a59c8cb900d9191bc90c03c01 |
| SHA512 | d6a0fb9672604cd87e6031e3868d71903b34408232dec3d57fdd8fb81d85727176c5c0cf95c63792c13cfef755df4839437864dfbc06c7d479691015b1deadaa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7764297cea4882ac2111dcb8e6a49b7 |
| SHA1 | 82e4a1de2a6f4cc5f94e61bda062610d708cf6c2 |
| SHA256 | 49b585d3cf14e47d9dd2c569a0ba35f581bff7e82b2fad8a85d856f7aedaf830 |
| SHA512 | 23bb4c7ef9ce8de50238420a1ae43a1ae285e25e520c970c83465b6a367f73c871f4d6b5936274f581e1d201b599cc63486970038b8c860b0fc9ffadbbf9729c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4b4d0aee81a079bca07112b5cda1395 |
| SHA1 | d7b91d4080377f734c09341fd933f404cabe6bf2 |
| SHA256 | b02d53d645bd9af1d760e5367f0931c86918b320e90f3735d5130b65a3468f4f |
| SHA512 | 4596719b16f70e1d3090dc1fbf9d570a115be96e4e013db912390659e3b82978f3d06ef81b48cf3c8e3515e6b4964db2ba871994d55740c5733618a7e8612b22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4598138aa8f0079fbd7e63f06ad1bd8f |
| SHA1 | 4e77be8bac6d09b8d6468109392da0a779855237 |
| SHA256 | 67f83385a9c3ba55d8b240cb6d5e2bdf37d59e301dbf083b3afe7a7ebb085ffa |
| SHA512 | 5bf374e4fbd14b06e15cbbeb12de4bc677b33d2f5f1043e8bc0ff98d1b1c649273e259022d032f89b43c63de324b39b02a353340a5effab88f5ea44824762cda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a247151931af816f457f08b459a7bfba |
| SHA1 | 050064f5ac69386087802c374029aa4e236b3929 |
| SHA256 | f32f87a87770f04fae705ecb2fa780aae997012eda15e7fae303daf44d693fd6 |
| SHA512 | cd2f2fd239e5aef0e1ff51a147db16b7743f9f5a3181a221a67b8d4e48a8b39e998844be828d46358eff42e5dbb36f251b71f7f74bf73568958868b268fe8d45 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 820656868e1f23fc6ca9de3a7c74e5ba |
| SHA1 | 8d1bf07a88503a8cb56a5c8eab90a32ae4e576c2 |
| SHA256 | dd1cdad68cf6a2151059f425edae2ca6e3b83decf0e3f9fd0a0f1a98417d8f9a |
| SHA512 | 46546a9cce3e1e49c14d0b0cea22337a8b5a117d3b4830a60706b54d15263e2b9a7aec4af70dfae834e1dd66316cb4315fc1130fcbf396871c9d7db5c5b86d18 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 14:09
Reported
2024-06-14 14:11
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\aa1905f984132e1d326c1fbec2e58fb1_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4988,i,1305347165619645738,15927664461101562802,262144 --variations-seed-version --mojo-platform-channel-handle=3948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4992,i,1305347165619645738,15927664461101562802,262144 --variations-seed-version --mojo-platform-channel-handle=3828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5032,i,1305347165619645738,15927664461101562802,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5436,i,1305347165619645738,15927664461101562802,262144 --variations-seed-version --mojo-platform-channel-handle=4480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5444,i,1305347165619645738,15927664461101562802,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6004,i,1305347165619645738,15927664461101562802,262144 --variations-seed-version --mojo-platform-channel-handle=6016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5652,i,1305347165619645738,15927664461101562802,262144 --variations-seed-version --mojo-platform-channel-handle=5772 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | siteapp.baidu.com | udp |
| US | 8.8.8.8:53 | siteapp.baidu.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 2.17.251.4:443 | bzib.nelreports.net | tcp |
| SE | 23.34.233.128:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | siteapp.baidu.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | znsv.baidu.com | udp |
| US | 8.8.8.8:53 | znsv.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.233.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| CN | 39.156.68.226:80 | znsv.baidu.com | tcp |
| CN | 39.156.68.226:80 | znsv.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.183.79:445 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 129.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| CN | 183.240.98.228:445 | hm.baidu.com | tcp |
| CN | 111.45.11.83:445 | hm.baidu.com | tcp |
| CN | 111.45.3.198:445 | hm.baidu.com | tcp |
| CN | 14.215.182.140:445 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| NL | 23.62.61.106:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 106.61.62.23.in-addr.arpa | udp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| NL | 23.62.61.106:443 | www.bing.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 252.15.104.51.in-addr.arpa | udp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |