Analysis Overview
SHA256
5624bf364b13f57ba85e9d4536115bff5600b74e9e3f98047ffc5535e6e8db5c
Threat Level: Known bad
The file b1f02dfeef161b6fa2b83151ef736058_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Ramnit
UPX packed file
Executes dropped EXE
Loads dropped DLL
Drops file in Program Files directory
Modifies Internet Explorer settings
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-16 05:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 05:34
Reported
2024-06-16 05:36
Platform
win7-20240611-en
Max time kernel
144s
Max time network
147s
Command Line
Signatures
Ramnit
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Program Files (x86)\Microsoft\px165E.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0a860e6aebfda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000f8497be4878d72c04a679db34fa3e89b85520dca7af060903db1c4a2870cbebd000000000e80000000020000200000004013162ac2a503311bd486042d6dca405a5303ba75663802323f252c3d57c41590000000e0ec4f581b616e33a81d83897296b3aea02ce9d77fdff2aa7ded960501302c47c03049989b8bd70b7db77e63a2f09bdaa8b59945cc26ed0b9961e6140eb18dc580fab7b42a5c597d29bad34e73f4fed40082db3700473b1949721f6854a037c68ab79c5f1334f1a6e3e91aa84b66b2f49b8d7a6a5e288b3e106f5a70102577d7655bebb9c944720d7521a1399d537e2d40000000bde25b8557e3d2c814142c5fcfcad6b9c88bbaff46c5ca0d38c9f800a5a40f5869d39bff64d431b172a937d059709ab07c41ce0bd3a155731656e4faebc99a0a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000445a13e6cd9bf6e2dc2e32a8f1600831b06504c0434fef6afae657cb490cb400000000000e8000000002000020000000288ea63c85b6f50534c614baf94bef058934402139d2146f2326f62e84cdc2d420000000030e6b920081bfb7e91e590c1b8f8ab5fde0066fa9c209c21648a03cb206e8a9400000003dcff9937774a85fc6530324d495bbd28410de778a9d55eb1b79bc57bd0ffd0569ca271abf7f7ad2ef790e43612934c39736f784ff51e4cd44f5561080548695 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0CE58F11-2BA2-11EF-BBA4-D2DB9F9EC2A6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424677914" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\wininit.exe
wininit.exe
C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\winlogon.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
"taskhost.exe"
C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b1f02dfeef161b6fa2b83151ef736058_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2044 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.webmsn.cn | udp |
| US | 8.8.8.8:53 | www.acriche.com | udp |
| US | 104.21.16.102:80 | www.acriche.com | tcp |
| US | 104.21.16.102:80 | www.acriche.com | tcp |
| US | 8.8.8.8:53 | performance.radar.cloudflare.com | udp |
| US | 104.18.31.78:443 | performance.radar.cloudflare.com | tcp |
| US | 104.18.31.78:443 | performance.radar.cloudflare.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.153:80 | apps.identrust.com | tcp |
| NL | 23.63.101.171:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | df455f0fa8fb3fa4e6699ad57ef54db6 |
| SHA1 | 51a06248c251d614d3a81ac9d842ba807204d17c |
| SHA256 | 15068b86edc0473a4f96f109830318e0540af348197e2b65f2e90ff32cfb14a1 |
| SHA512 | f69dea5b68e4fc8737fc0e6ef48476d3ed0a5ebd2f9dccc9d966df137f9ffdbb51e413a0852c22399afab53ea8a2755664afdcee6897a1cf387a9a620481b2a6 |
memory/2676-6-0x0000000000400000-0x0000000000436000-memory.dmp
memory/2676-9-0x0000000000400000-0x0000000000436000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab3249.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\Local\Temp\Tar32FB.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | abd82b1da424ba27403f66d4fb4c2904 |
| SHA1 | 3c733fbb0e461cbc6ae477f61f2cf54bb83e45de |
| SHA256 | 64ba0e9abcef6c2afde021cc654af7cd6492189a61c1467fb1e56eaaca250281 |
| SHA512 | 13e08a78681786e843144f97eb80a6d02782fa748ab71eb9fa6e836aa17ede15bbc75f0b729748aa6f322373df0f5c5f2f8cb3575e8ca92cf20360a741036cd8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7cbd2a4a98c8ff2aea10d9f8b1cafb9d |
| SHA1 | 5882de70b1151d00575606d1c9f362351546408a |
| SHA256 | 5c89f3a3a62b9d1f7706fcba3f06a1033abd8880b1cabfec9e69a15b53719825 |
| SHA512 | d6e19d362698446b3665b8d56074517d054783512945931592713f151437b69925af8dc3983517ecc8bfa9da74ed66de2b0155b60d4e63bdb68b53029f94a54a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d4574ae8d0b8da05b9e68efe5b5d881 |
| SHA1 | f26f8f99f1feaa36d92ea28be1782e0a1e2d586b |
| SHA256 | c65cc182ccc0d89cec9d7270254af2934bc0ee9b9c833cbd08da40e1742e957d |
| SHA512 | efa4050c81fc896c927316fb4f4c7a1873b50278476f7f14fa87ee1cd800c9d0f20dafedfee7358b11cc514f04c8aae606740f890353d1fa1d3c4f56cb3de433 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e50a2a13f1d7ecb16f677477e935c6c |
| SHA1 | d0cb1eef61aa2e5b91e6b2c7959aadbc6288ebce |
| SHA256 | c7fa8ec512eeb9aafdfa31fb560cd0a036cad5752bd26a263d8d341c2fa6e154 |
| SHA512 | fd43fb77bb63ac2844037a925e6f96456a2bf29bfbded2da27a33e918744513457b477ba87beeb71ee7c5a8cdd3f42bdc660b0853f9c83a0dcb22e1e41f1fc13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d658bbfbafd23b66593b19dfb02bf40 |
| SHA1 | 4a97f1067049ef93a5655365591a122a6e5b40d5 |
| SHA256 | 759bf578dd356e05ba9f3dc8165efa7c0b76392d58412706d0541e3903637577 |
| SHA512 | a1585e2749ec8972bdc36afb2be340edd1161216581cc3afa756221c8c32633d0cb05af7619818547e21e87efbe513d4295bf441bda93a724a36ae985c1e808b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 79a172eeed2af6d90a31e88608f640c9 |
| SHA1 | 6a440bbae85c2631301150044d7d79468af97a73 |
| SHA256 | 4e7e489726b49f1020433153741aa030f6aab52d3b6ff7d8db268b4c65684814 |
| SHA512 | 267d91237a9b5ceeb6953b6a34625518f54cbb5e2c256bf187dda43928c3f153d857067660a32586cb597d7cf805993395a161f7dae98ecb2b5b8f6a7a66e8e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 941e0bdb25247e6f32840fcf45970304 |
| SHA1 | 43a3858704709a552e82dde254deebdad311d412 |
| SHA256 | 2605135297fe327c97aedccac222fa3f50c2b0c6aaa411cf27abb8ad12b84307 |
| SHA512 | 0c01bcff69a432baba7a8766c518a10c093c956ba44ef5f9e982eefde069e8d0f56520387568ebc9e12e6cfedf5c6fa6b56ba95b4a875006002507cb11686ca0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44330fd60372169149ecd1a96daa2cd9 |
| SHA1 | 4f8a3127793f0ef74db776a98519ac5b7f0d5e07 |
| SHA256 | 742bc62043d083a7a3dc2f822fac0cd476e010d0d7eccdceafc88ddd5319f945 |
| SHA512 | e5fbdb240b55976bcd5fe7221878af61f2273dc5e426a9387f301938b65d814fa0a4b3332538d9f37f410b9b43e39ea6608092e747b13a280cab87e32ee78dc4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bbb5bd2c392ac32b1bc663e59f42e7bb |
| SHA1 | 983deb2a4b074d938323de2b192c3decf7db1eab |
| SHA256 | 8e2d7c752458d189c959562e99e86281a0ba623130216009eeac632fe5d7e72c |
| SHA512 | 0ffc86c27f3a9e4dc11dfeadf4fef91516f0cc4f4ac4b462c3ca0600269e39d0730fed788d43a4e7205f93677ba664093779d6df051c4b9b3bc37516b509d242 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90167f477db59ec17d5043e9e037ceac |
| SHA1 | 6b4b122816844a703386efc9a46fa02c7a19c5e9 |
| SHA256 | 96b2f70899d65efa957b4f9ee4284f6358086ed168028b99fa7bb8d38e02c78e |
| SHA512 | 9b94e2b411a5c99bb2c4f7fb6f3a03074d7217635fdace535dc776d824eb5d21cb7766e237d89094f383d13a5a518e8df7b25b7d295100b0f71d76bbb294dac2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 042a0d0aea597d45c3664a9cf253bc75 |
| SHA1 | 3aa0e0aef3ae2c51650dc9f15b164ecaffde6cf3 |
| SHA256 | a31ad0afaac270338d6a41ebe4487db8289a6d7ffae6a3657a7d89ba4e6cc78f |
| SHA512 | 0786fa154e326d75a839070ac48061cd84f596524a4f11ea6ed48fc075cc1bdbe625a57efaf68ecfcaa2d6a54735f341d9bdad5d6d76b1be7744be92c587b2c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5154f48517f6b3cd167b22b05c022bf0 |
| SHA1 | 93791c23c7c60d87572ca5a5ec3835974db4228f |
| SHA256 | d30c0d699b8730f74d19d3670d2c4a54dd7f3d9a05c4939345647125606bc882 |
| SHA512 | fa0fbaa3158edc5e5230a46ade72804f81df9a88ebb0228f839b8c8e288bd2b5a5b5a4d2dd7ed9bf7f13b1cfd7dbefc267adf9571f768d863e263f11ed8d6461 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f1439232926360feeb4325d78a24327 |
| SHA1 | 154c01088b7489454b47618ecc857910f674a8c2 |
| SHA256 | fef688c241504b5facabd6595bdbb0a91ba39663d38f054950a1a11aecfa2c83 |
| SHA512 | 8bb13254e071849a7d48e46de4b0b1239dcc77bc22e591a79afcca7b76f48cc82e67b8168a580b3a67bc3d83664071bbe2f9b36291dadefe4277271e31de3b8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e4282a88eeb0464268c9697ffdce05c |
| SHA1 | 69c263d04ee3469697bfcb358413000ec98fe8c9 |
| SHA256 | fe8cf818d77ae41db51edafcf567bd7f88fdd60692149242b452300f5cb88bbc |
| SHA512 | eb4f9ccc5474612b639733b3c6d39e95c0175501746f4ee93cd1690be2d61ddb1ab0a35528d38112e6ef2835575eb8c27fa408bad2cdbfb97d3b2baf7e23779b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | caf4bbe130c490e8cb5f55b8f79c7a1b |
| SHA1 | 9fd459089708bc5ae9134daf2279cc9d2801ef3b |
| SHA256 | b315236ca29ee9b2430050f7089862e28986842897f44fba6b56e3f95e5de61a |
| SHA512 | 3d5528a406beda4b2cda5300f0a447992db0be61a9dc55dae7dba38c8197976e4acaf9bcdfff7ffe205a98e64da96dbf9f0466a19517d10c8d1780196fe7a25a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1ed17082138b07b787693195119cac7 |
| SHA1 | 8059c459d54ca8a96d67cf16a6801f8b1ed4ed42 |
| SHA256 | e5cef03a822194e96a71c9bab3b5c53eef89657361e0f1ea52dd7613c5cbfcc5 |
| SHA512 | dc61fe30520760822db82175443f4199258a8cf3bf1a25cc727eedc839b1d94ace980f0f96e556be5db24f196e2a8439aec59e6ca157cc8e9a99d6700e829fa6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de4b4738966346d59d3d4ddb437ae4f4 |
| SHA1 | 0cae2ad60a56057edd69b0696bd16758cc428129 |
| SHA256 | 86b19436bbffe1fb863e37c010bf6b52494adf8ce3edc89ef1bfdaa302ce65ed |
| SHA512 | 350baa211bfaf7ac80ec6bc7f41ea5bb6b1e6eb959c1a54a2c31a6cd3c878bd4eb89717beac979554885cd8ba6ec5aa83834de3775aa9a8c661cbcc4b6d533ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15955397c270b7561da60c71c1764d94 |
| SHA1 | d97d124fb93a76d17b9303c0879794d1f8b1f695 |
| SHA256 | ab14e4ed0ec3b1d9f668050edb7bfac6c8732ebe905daa0121b424f5adcf42dd |
| SHA512 | 9a54567c3bc8215f6379cf1e607d76cb7b3db48fb91289f1ce80a46d6e902e8d5b7b93df8c2c03a4526b7535dccf40fbd925a7ec8798cf9d0b475ca442d3a2d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9de446fb157db367398669b1a79d7ece |
| SHA1 | 41537d0d029cfeb30a8134b0726f9a4cd87cd425 |
| SHA256 | f99d27b5a45a7e6dcfc6f6883b0be118cc4a7d6ecaf09b5213eac6421b62e489 |
| SHA512 | 7ace63916727bbd93ce3b077f71278e0622ab691364b14fb3afc49972966fd5e5e2b91e95659b7ea718844aa0549c5b515c4625168dfc5c7d72a789e5760c9cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 690c9c524f5b6627948ee482da9e277b |
| SHA1 | ad738655adf0f36704ab575425089df9d9f1460e |
| SHA256 | 90481c4fc841922e10d457555703c7ead5fa1a6f36b3ac41bb2b71fde8c987db |
| SHA512 | 5f31370f5c638ff8c46bd9ed31148e1d7b6856b4eb9f1414096e4eecf6a766d0a5b3f59e001b4f6b72c8a785b798079b670d94f0edaaecf5acb8cc92c3a769e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 599c1103df56c271577e24a16a409716 |
| SHA1 | 0dfa768c8901b023c1d45df61d3dc8a51b374a1b |
| SHA256 | 70525f2d5ab36f5b0bdb8049cd2b543a280b1db0f025f4e154f3bd1abea20b5c |
| SHA512 | 55221cacc0d3ee978ce1cf7b523a789812bab8217387cb0638dda65944f6d148319f3db1aa77c8ec75aa7d7c060b2b943e646db6c3e0d259abbe14c049e1dd9b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc42c4ba9f6539da1851397da407cc80 |
| SHA1 | b02283df339c6f77b2ef0df1234662e16a241d85 |
| SHA256 | 03ba59e7e5ee00ca0246f522e6a6f8875d4e095aecf7788b2de572f130952f4d |
| SHA512 | 8418b7c6b9cf9777306397ebcdbc5b18ecd8825b7e028a4aa43c211fb5eacdfa308faae95ea151a3591d805b8d9223e4f85fa9111788ec89c4e2d5966f49cdc3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a88651a7e17f91b47fd01f9723038bdf |
| SHA1 | b0a47ce6a4252616a8b80a743760d6d7f9972082 |
| SHA256 | 383c03922852d116f3b6fe76de70c117c30a8cb66dbc18c18226a65a4f7a5f80 |
| SHA512 | 60886fe873273c721736381d56ba01211328134885808b1d7a121ac77d7bfe9484bffc769bb0bf855e15cca96d26be701e1629bfcd4d1364f9b6659fcd543a11 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2bdf9e2e6cfc5fb57856f7b0ec69101 |
| SHA1 | e527eeb88214398c971dfc28ff9ecc2bd54a638f |
| SHA256 | a5f8099ee8ad815cbbf2d4db3fd83575959f9cc5a515b5733cf186e1f18650a9 |
| SHA512 | 08afb5b6779bb6cd7b897879a1e983bfb085e2af2bb4352bbd4c16b9bf2a0fa9b10db630f219cff01c28f722b2ec848eeb1188fe5f130aed0c9b5cd7c4555bd2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-16 05:34
Reported
2024-06-16 05:36
Platform
win10v2004-20240508-en
Max time kernel
144s
Max time network
149s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b1f02dfeef161b6fa2b83151ef736058_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4156,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=3784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3752,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4956,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5324,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=5472 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5444,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5780,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=6220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=4256,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=6112,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=6056 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |