Malware Analysis Report

2024-09-09 16:41

Sample ID 240614-vfbqhsyfnb
Target aac63732b923e9dc8f1ed11ce1c84424_JaffaCakes118
SHA256 88298737f310db8b6c7f70b541c1316d2df84d6ede23aa4314346239f82be9b7
Tags
ramnit banker spyware stealer trojan upx worm
score
10/10

Analysis Overview

score
10/10

SHA256

88298737f310db8b6c7f70b541c1316d2df84d6ede23aa4314346239f82be9b7

Threat Level: Known bad

The file aac63732b923e9dc8f1ed11ce1c84424_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

ramnit banker spyware stealer trojan upx worm

Ramnit

Loads dropped DLL

Executes dropped EXE

UPX packed file

Drops file in Program Files directory

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-14 16:55

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 16:55

Reported

2024-06-14 16:58

Platform

win7-20240611-en

Max time kernel

132s

Max time network

136s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\aac63732b923e9dc8f1ed11ce1c84424_JaffaCakes118.html

Signatures

Ramnit

trojan spyware stealer worm banker ramnit

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\px4FD5.tmp C:\Users\Admin\AppData\Local\Temp\svchost.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E8DAA8A1-2A6E-11EF-AA16-D671A15513D2} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424546001" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1344 wrote to memory of 1108 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1344 wrote to memory of 1108 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1344 wrote to memory of 1108 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1344 wrote to memory of 1108 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1108 wrote to memory of 1776 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 1108 wrote to memory of 1776 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 1108 wrote to memory of 1776 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 1108 wrote to memory of 1776 N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 1776 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 1776 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 1776 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 1776 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\svchost.exe C:\Program Files (x86)\Microsoft\DesktopLayer.exe
PID 1384 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1384 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\DesktopLayer.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1344 wrote to memory of 2020 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1344 wrote to memory of 2020 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1344 wrote to memory of 2020 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1344 wrote to memory of 2020 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\aac63732b923e9dc8f1ed11ce1c84424_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1344 CREDAT:275457 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\svchost.exe"

C:\Program Files (x86)\Microsoft\DesktopLayer.exe

"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1344 CREDAT:406542 /prefetch:2

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 16:55

Reported

2024-06-14 16:58

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\aac63732b923e9dc8f1ed11ce1c84424_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\aac63732b923e9dc8f1ed11ce1c84424_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=4140,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=1720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=3864,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=4272,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5300,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5312,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=5224,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5880,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5736,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5432,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4036 /prefetch:8

Network

Files

N/A