Analysis Overview
SHA256
f62ca82f39c62a9c58912a7a08353ace0e1ff130dcb2c66445f495e957ef3096
Threat Level: Known bad
The file b164ad65fbc78eea26727ccac8e94314_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Ramnit
Executes dropped EXE
UPX packed file
Loads dropped DLL
Drops file in Program Files directory
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Analysis: static1
Detonation Overview
Reported
2024-06-16 02:44
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 02:44
Reported
2024-06-16 02:47
Platform
win7-20240611-en
Max time kernel
145s
Max time network
122s
Command Line
Signatures
Ramnit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
UPX packed file
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\px59D3.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0708f6497bfda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a039050000000002000000000010660000000100002000000066737e7582d0183bd2e565576595ffab771ca68954dada44b07aee6e7ba0cf1b000000000e80000000020000200000004242561533c92843fc6dd2ef5f8a6457ed9f023375fb2425145a180b5c35f09e20000000b03b5f4d3fc2afc1ecefa767b859b9f12a0f55142527fa2c1124afad2d332e88400000003b74fbf28d9fe6b1d6d0bc92e4f366e003022e01220bbaff3c00545b12cc8fee9d22d98d2877ea4555f1714a87943a128040b2bfb4448098ef1bff9d60ac6f10 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424667742" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5D660131-2B8A-11EF-A0E1-D2ACEE0A983D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b164ad65fbc78eea26727ccac8e94314_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:352 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:352 CREDAT:603146 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.huisousuo.com | udp |
| US | 8.8.8.8:53 | v3.jiathis.com | udp |
| CN | 139.224.192.17:80 | v3.jiathis.com | tcp |
| CN | 139.224.192.17:80 | v3.jiathis.com | tcp |
| CN | 121.36.251.253:80 | www.huisousuo.com | tcp |
| CN | 121.36.251.253:80 | www.huisousuo.com | tcp |
| CN | 139.224.192.17:80 | v3.jiathis.com | tcp |
| CN | 117.25.149.160:80 | www.huisousuo.com | tcp |
| CN | 117.25.149.160:80 | www.huisousuo.com | tcp |
| CN | 121.36.251.253:80 | www.huisousuo.com | tcp |
| CN | 121.36.251.253:80 | www.huisousuo.com | tcp |
| CN | 117.25.149.160:80 | www.huisousuo.com | tcp |
| CN | 117.25.149.160:80 | www.huisousuo.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | api.bing.com | udp |
Files
C:\Users\Admin\AppData\Local\Temp\CabBC5.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarC65.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | 2a591a91440acc2cfabfd0221cfe1378 |
| SHA1 | add23a4e51dc5649984f56c235c48382f5c4f235 |
| SHA256 | 2f37132fabb06650873ad3bd0b15d2c13596fc7be401c0ca05b443c9a227a44c |
| SHA512 | 3018caf86d187c14256deb92407157daf116720623c9ecd7d153c8456d4d1f9ec9b7a88db6db9a02f06367301af5d6c3d30e62f8ad04657fd651d4221a9287ac |
memory/1144-452-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1144-451-0x0000000000240000-0x0000000000241000-memory.dmp
memory/1144-450-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1144-449-0x0000000000230000-0x000000000023F000-memory.dmp
memory/1144-447-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1724-445-0x0000000000400000-0x0000000000435000-memory.dmp
memory/1724-438-0x0000000000400000-0x0000000000435000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-16 02:44
Reported
2024-06-16 02:47
Platform
win10v2004-20240226-en
Max time kernel
132s
Max time network
145s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b164ad65fbc78eea26727ccac8e94314_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5012 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5312 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4820 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=1416 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5980 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4620 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
Network