Analysis Overview
SHA256
88298737f310db8b6c7f70b541c1316d2df84d6ede23aa4314346239f82be9b7
Threat Level: Known bad
The file aac63732b923e9dc8f1ed11ce1c84424_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Ramnit
Loads dropped DLL
Executes dropped EXE
UPX packed file
Drops file in Program Files directory
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-14 16:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 16:55
Reported
2024-06-14 16:58
Platform
win7-20240611-en
Max time kernel
132s
Max time network
136s
Command Line
Signatures
Ramnit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\px4FD5.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E8DAA8A1-2A6E-11EF-AA16-D671A15513D2} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424546001" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\aac63732b923e9dc8f1ed11ce1c84424_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1344 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1344 CREDAT:406542 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.a8sfq2.top | udp |
| US | 8.8.8.8:53 | news.share.baidu.com | udp |
| CN | 182.61.244.229:80 | news.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | news.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | news.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | news.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | news.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | news.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 39.156.68.163:80 | news.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | news.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | news.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | news.share.baidu.com | tcp |
| US | 8.8.8.8:53 | api.bing.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab6C2D.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar6D2A.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f396c938df6531a714e16559beaab1b5 |
| SHA1 | 81af8be23519803859ae4ffd429d3a2884082d9b |
| SHA256 | 8efd8c1768254c6b6818a06e518788a92f5b9a489b61c56c1a803b0406d66fc3 |
| SHA512 | ba0da4e69393e0915b389e0153e8db888719d0e72c90da2c08ab8c630d95d8832d27b23e03d21053d4a1520b76e804d7cf52d16c968cce1107c34c71780a4405 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dbbc1bede47b62ca1398b19d33822e25 |
| SHA1 | a1f2992a44b21335d6da73677c1abe939a0c72b6 |
| SHA256 | b0f0349dd81174f06cebb8810bd947fbd726a7539d6f3a46c43077f3508068ca |
| SHA512 | c4ba1afc34b0d323b9e22aa0a569116e89a7b45dbf3776cf26166894ae53b1f7bdd4c1b13708266e730affa4027fe299bbd89bf473f17c55fcf4d0ad518c74aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c280b5cedc089a1fbc50305b73b658b6 |
| SHA1 | ffd705dd0f37e3a8167c5fa2d2aa4d6cfc4406f6 |
| SHA256 | 5e7c2f7dd5e29b2f8344a7551a72c1a50f57822d96825d3bc97e1e8c5bb7b628 |
| SHA512 | 826f233a7e499946f07c6058f3d5517c42106fe8249e2e33db90c00497b5a5dddf13941a3f2400ae87494bf462d66d6771856e8e1256ed9c8e2259a823361206 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1091ae1dfe3c43e7a49d56a405917408 |
| SHA1 | 359c63ef68eb6d33f486835b09ca78773cd8ae4a |
| SHA256 | 935a273409ca2ca8fc0ad532d6347d530bf0985298327eb05f8637b67430328a |
| SHA512 | 2d2d8e36ad5815476356650db3227362747c6ae2024600355fbab53f194fd9f051214e5a48a9808f74a8f939d77452caa5ddabf0a15c5fc316a8382f303d0aa4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00c0b2706fae61dc4cbc9d2c894dd6da |
| SHA1 | 22066c131623c1783275988e7312698a728b1f75 |
| SHA256 | 84a40383435006a91d44b4f2c94bcda97b216dde6488ff333bded63d6190db09 |
| SHA512 | ae769048b09e661f01a90b882bdb1f5050a6a3f6635ac1abc81adde5f19fbc6cd8b1bb0ebdba31d2c6e822453d1f421b60229d1d57a3ae34d2ba8e474691c61d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f16da8f33aee45381d0b1c514f41c294 |
| SHA1 | 14db9fc46cc187731383c1a21f57920ceaaa71d6 |
| SHA256 | dbc77fc4f291a49e34d1c24efd97144194ed9b4c54e83e407fdfe58923c29825 |
| SHA512 | a5ef2d2325b5afe85b8a60aafd283bf80573977a519ea13db4498a694759e5ba6007221b08b69d0ef5118596bb1df04e25b85b2ae527eed475f49181ccb14139 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bde19c1ff5067f574d3c1a0a047c0455 |
| SHA1 | acb089e4798d07d1ef20804f75caf4903f6b55e2 |
| SHA256 | 859a0a1275b365e8e009a2bdd66f33f473e1be5efb127f9939e57e5f8337c220 |
| SHA512 | d45c9e7fde8ed43157c24636b5bad5d15ba71d5c4bbea7399e0fe672de3f0e62c1f3edf029c007ecbaa10b64b6112f1ff956a096880104ecb8aef3fbec3d2265 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d74b5e622512d534307843031960f5f |
| SHA1 | af72ad1c77d97895a5286464b9be75d7b3688f29 |
| SHA256 | 60c5b9bcc178c0ee0ee4a923534d6be06f96f7df7bacd1fa36838c73c449f50b |
| SHA512 | 25478a50dbdf46718ae34533bc4d883c59595475f2f3f5e508400880b9df82043d8a37a2b0f8b92e9c73ab327c419871d74bbec2512c684c74ddf359cb56af2a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31042bd1b4fa4cc9bdf3f57524647d1e |
| SHA1 | 0b4253938e53d1b6aa0cf3941904f02985c8fd41 |
| SHA256 | d3306aa26d804ba4802b78f6e772a10a70fd7b0b480d89ed14e5c93567a75b6d |
| SHA512 | fa7de4508852214eacd60fff022eeecf816297eaf9b331917594f8f2ca412712cf635ef1950279870deb2094f5bd5776c88ee02d4555adc7bec6be10aee7bff1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ea0b3e771d25d992a60c951ccb094eb |
| SHA1 | 3cab04add1694c95a981fa331ec5b44b35378613 |
| SHA256 | 89460d3c5ac40b1011e22b1b0fc007cf6b5c621311d00c9e6b7d6548c336c7f7 |
| SHA512 | 479bacd7674b9980a7366b9a927ee4ea5de6009db576b37c30b150fe945ea48e0bb43cc1275adf79806fbc12279bfe55894689a6ff1573fa3609b75ebdff61e6 |
\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
memory/1776-434-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1776-436-0x0000000000230000-0x000000000023F000-memory.dmp
memory/1776-437-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1384-444-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1384-446-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1384-447-0x00000000001E0000-0x00000000001E1000-memory.dmp
memory/1384-448-0x0000000000400000-0x000000000042E000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 20923a2f27d64b7e66844a3993495dff |
| SHA1 | fa606877b3c8d57d167e53fbb8c6711f0b84e0e8 |
| SHA256 | 3e7c6f8c07f78f7e1c6b93e959214197e70111307d1f58544983985701eec32b |
| SHA512 | e47ba2b60cf0fec9cb354709736956629bb6e9174318e80d0c64ffcfc686b5b7d2163ca5787119cdff4a114872a778634ef8e01b37264c33deae94055a20de88 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f4482a2fe86af5d2d1f1708377a1215 |
| SHA1 | 6931e80b0444e76ef56c352530ec97f3fedff265 |
| SHA256 | c680149b20209d8aa2c25c5e59aac864631506f77ba4e0883fdc43ac6b80b1df |
| SHA512 | a8878a9a6dd146cd67a519198cef416ee81cce6cb53051e1fe5f768931d5af86385138b56d2731293996d0f341b626b9fe9f2952cba69b2a882ad8f1dfe0f758 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e15b40f00daba17fe48b16d0ce281f91 |
| SHA1 | 778f38b11f461a550159f80464a58709ee4e0e3a |
| SHA256 | fdf1f4569e9030191223547fd6a090ca765777faa2a98c051a72ca291e978c10 |
| SHA512 | c81062e0694e359c6a434c4a527e181f31ad78204b6bb4c60b1df97c5717f1421fb44eb13abdb4458f63de3bd8a00f785d55cf15f68f9db775d40b4c2c167a55 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9751e89ef5c8fa605add5840fc97330a |
| SHA1 | 91cdb97ffae13b71e5ce3b18b469f21d8ea01cd5 |
| SHA256 | 1f56b0e22e600c8434b6dd2e80cf479bc5c26982868c711595e52d066f3e2af7 |
| SHA512 | d1e3a22778967a18eba390fa819ab7b95df0e4dc56c57e900cc3e351161e3b4ca8d3012b9d691598e252f29ed464d9c62238769c777c5c3ad99ca7fb73c2e973 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0cb47869bd3299b583cc52e4e7264590 |
| SHA1 | 936907dbcd73904a4c41b0aee07519df8af79e08 |
| SHA256 | c4ad221ed44c98bf8fe1d8af002c65f18976616d589436e92e6c1782dafac440 |
| SHA512 | 9ef0f74d83c42a11a88404dad718d8c19ea674badb6b24b0ba83db553d43484b8eb8b83c4833acb7dcdcddea61666e3148d61fee5096f1ce3bcec627402608f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ed106b91f884411394b7a909a299386 |
| SHA1 | 989c0757528d831bcd5ff3fc804bf70df6d82baa |
| SHA256 | b62328dddd620eb277f0e7c86515d4bc53946c3d06eef7171a760978b512af36 |
| SHA512 | 7f82ecb8ffcf962cfcdf2dce275dcd6e80d12e7576164dfe78e9b88fd77b46bb19ebcc0f7326560411ce73a6a2c5de3f99c0f6e79817f728000bc36546415bbe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0bd6691f7fccf8fbda10476f2c22e00b |
| SHA1 | e20d035a92c38bff6c3d505e38312a6f2578ebb5 |
| SHA256 | 992cc10da8e6d251b0f3284c24e3899b1ddb4e17051a19889af63093deae7fcf |
| SHA512 | 141ef6373462ac3567415961e43935f28aa7cce368e07781552ef5979e9f9df7496b9f4a6a39eb9383819f75cb5ba08a46688b51a5a8becc8b5ed1e194e6bb84 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59bfc2593d6fb248ca8edc704107cebb |
| SHA1 | fc5e4d82a1f46b394611c22c7fb39ca14cb9b95c |
| SHA256 | 8cd1c87168c912b4c86b9d6ab65572dc9ce760e398770a727a6af0bc377c1aaa |
| SHA512 | 635e1066a20237fdf8b57f54afe248bbb6ee35a7203d69fa62e90042fa191d070d3934b8ac2da7092e155bb36e165e39a5674d96dd315d4e8233b9fdece2931a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d378fe1df7ab099e3dc36e30ca49b3ff |
| SHA1 | dcf84993fe84c389eca9c101ea0bdec0b9518d26 |
| SHA256 | 751cd13f061307307fca8d62fb5ea487ea0270cb82586b8d046b4664b2ce9155 |
| SHA512 | 857dcecd892cc8c909d6f740d2e244b3c991eeb573a04e269dbf4bfd47f69108dbf897e265068dc1c079a68966d46855d483685123e2315838112f4df00f2301 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a0c407e00543267b5bb428242134eec |
| SHA1 | cb0e72d1ae9cfb492b0e610ff18a079c071172db |
| SHA256 | 5febdc163ebe94abef8997562799ee6f8c95673f7763d0c5e5d39a6d6485074e |
| SHA512 | 4f19e5affd8be0b62a431d12b4955c21802b232b5b28bf3394b617fab8cb465c557c19f27047cbd02cc99dd9f6e9ea8bb679dfdab7cdfbe1435b252ed767357f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5dfd38fee63a2df3bc3cf67db03c2801 |
| SHA1 | 92c2327da7b63ad8439897196bee2ca21adebc60 |
| SHA256 | 286a3f78899a0c9d139544af5dd7c589962b0fd036d23d817edcff157618df2c |
| SHA512 | 97785af119734514c660c4e9db70676485300dcacdf1a0d635c6ce15d70225633f17be7a46ce9f8254a2f73213288dc0764944602f224d5393aa626bbb81d17c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2eb119276d540ed880adaf3caea76a04 |
| SHA1 | 71620838cc5f3ef4995fd9ffb203dec7f7f343d1 |
| SHA256 | 83ad41a8d2048fd46ab4769189d22f2d464add42494d24684adbcf4149eae51d |
| SHA512 | 566d77ed059eb889af663284a8612d3b780beb2d972401a12d48c2a7a40275f672ccc7b57f39ee93310ae6d8008dd04f98ddd478b6dddefadc073cdb8052adc2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 78880c626ec847427d3dbd40ba2e55b3 |
| SHA1 | bc23c6e8a5bb50abeb9763f90ed112a64e77a552 |
| SHA256 | 44d15cad055a0ec3c8ef437dd565b1d1dcdb669b0281b8eac6f7640926ceac67 |
| SHA512 | 8756c3ad755d4db61b92de77be80a4ba2fa3df4770e95f669e3e774dd590a13c8cf738433a670af4edaa1c4781c5e444f9b2bda203c003236596deb1ea124a14 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 16:55
Reported
2024-06-14 16:58
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
143s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\aac63732b923e9dc8f1ed11ce1c84424_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=4140,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=1720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=3864,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=4272,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5300,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5312,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=5224,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5880,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5736,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5432,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4036 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.a8sfq2.top | udp |
| US | 8.8.8.8:53 | www.a8sfq2.top | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.a8sfq2.top | udp |
| US | 8.8.8.8:53 | www.a8sfq2.top | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.a8sfq2.top | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | www.a8sfq2.top | udp |
| US | 8.8.8.8:53 | www.a8sfq2.top | udp |
| US | 8.8.8.8:53 | news.share.baidu.com | udp |
| US | 8.8.8.8:53 | news.share.baidu.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | www.a8sfq2.top | udp |
| US | 8.8.8.8:53 | www.a8sfq2.top | udp |
| US | 8.8.8.8:53 | news.share.baidu.com | udp |
| US | 8.8.8.8:53 | news.share.baidu.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | www.a8sfq2.top | udp |
| US | 8.8.8.8:53 | news.share.baidu.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.4.4:53 | google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |