Analysis Overview
SHA256
85119b993bc8dd097e44f25e937f4cfef931d8ccc7b74e27db960ac61670fa06
Threat Level: Known bad
The file b1cf832928bba1e48a9ff55b49669c1b_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Ramnit
Executes dropped EXE
Loads dropped DLL
UPX packed file
Drops file in Program Files directory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-16 04:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 04:54
Reported
2024-06-16 04:57
Platform
win7-20240220-en
Max time kernel
119s
Max time network
127s
Command Line
Signatures
Ramnit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\px1861.tmp | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f03eba58a9bfda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{838AB971-2B9C-11EF-BB01-66D147C423DC} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000181f1089e9cf8144a9a275dbb3cc585f00000000020000000000106600000001000020000000f561fa37baf820c2e7d8638d51f3a632a35c310cd1473af4ccc774c3dc87cf73000000000e80000000020000200000003016abec0b7d0f8c38f95ed17e6a9e4e9de2e227efded7c732fc3ee9078d6c2220000000d3b0b4ba6ac28ee134314d0ab8ca96efc06f2c43969fce9b8cfcbb043d3a6bc3400000001c749a60962fea62d97c6162758fd80f51ccdc07311eb617933763d8d7a4b9dec3c204732be09b67f04adb469ee1c14ffd2be1491c2f1e7e9c68daf7342a5c21 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424675537" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\DesktopLayer.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b1cf832928bba1e48a9ff55b49669c1b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files (x86)\Microsoft\DesktopLayer.exe
"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:209933 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.me.com | udp |
| US | 17.164.2.10:80 | www.me.com | tcp |
| US | 17.164.2.10:80 | www.me.com | tcp |
| US | 8.8.8.8:53 | www.icloud.com | udp |
| GB | 23.208.240.96:443 | www.icloud.com | tcp |
| GB | 23.208.240.96:443 | www.icloud.com | tcp |
| GB | 23.208.240.96:443 | www.icloud.com | tcp |
| GB | 23.208.240.96:443 | www.icloud.com | tcp |
| GB | 23.208.240.96:443 | www.icloud.com | tcp |
| GB | 23.208.240.96:443 | www.icloud.com | tcp |
| GB | 23.208.240.96:443 | www.icloud.com | tcp |
| GB | 23.208.240.96:443 | www.icloud.com | tcp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | ff5e1f27193ce51eec318714ef038bef |
| SHA1 | b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6 |
| SHA256 | fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320 |
| SHA512 | c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a |
memory/2576-9-0x00000000002B0000-0x00000000002BF000-memory.dmp
memory/2576-8-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2720-15-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2720-17-0x0000000000400000-0x000000000042E000-memory.dmp
memory/2720-18-0x0000000000240000-0x0000000000241000-memory.dmp
memory/2720-20-0x0000000000400000-0x000000000042E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab2D99.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2E7A.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d01799daf68bc41cc94f3369ff485cd |
| SHA1 | d5bf68b39dd4457dbc309c0487fca3167c440f2f |
| SHA256 | a4332bbce2f877b22cf012308ab3de90e0968b3d21fad7086d5c0674a196a836 |
| SHA512 | bfd8e922398a61b3a49bc4e64dbb585c9d1432c850f189b080e62c26b1b53a0192a6ee38c6cf93179dd18ec9f7cb91c6fbc65eef6f8b07811103b2248c0fa41a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53996b01645f5842750c26e99282903f |
| SHA1 | 2e9965b847bee869dbc6170ce9f05f99d1e36037 |
| SHA256 | 69188adf9f802c97e77056e97b80020a45d665ea29ec07baab976323e214d580 |
| SHA512 | 62c4c03e92e8115502d1f7ab2ff6fe05b9f1ed0c4632b1ae16c66da2be82151b7b4bde3d4a3e7c80cb1819f710b527072a2d19cf0871bccf6153cabc055db6f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05d331acb3e917f7a627689ecc780824 |
| SHA1 | 35e64a8f5773f4eeb84eafde4d4d477d28c2806d |
| SHA256 | b95fec81a36989af4b5ea80938fd093371f754ff41a0d176c592e061a431b50a |
| SHA512 | f6aa08e4b6c4d48c2b873985e7e945ae1bb8f9993077ae35b6555546caeae3f40eee3b50898dee8e9e5018692bfead3f16d16ecd6de382b76242fce3d1521812 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04ed27841a623d415669ef5abc3ec8e4 |
| SHA1 | 54115aec7abfe0376d188c10e6edcd8c93e6306a |
| SHA256 | 8e9e21911f21aa635692dd76460278906833d5adb31d6e109443ef07e2a768f6 |
| SHA512 | b499b6d5b9b4ba84869c2ebb43804de949470473af2fb359ebff49b732d00ffe71eca08c046e440bc00999c5d1818a00812154cfc0827bc353aa3a149958557c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c6be2aaa9bc00e4a367858d7d22e577 |
| SHA1 | c276ad911046c98717da392591b37fc774e8cd98 |
| SHA256 | 802d2af6230aa3028f074690e8163a8c3ec1166d4e8855399fa8fe712998e4e2 |
| SHA512 | dfecf63e37f1c918e7802d162b47273a7a70623166d504777033c8e4c63c09a30226e6723fe28fd45ad15450bfef4aa78f8437544902bb78f3d2c779d6bd196e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3dee4c04dd171cc2bf02006fad709607 |
| SHA1 | 47928a67edb9d3ec473cf4605b1af8bf3fb0545b |
| SHA256 | 1e4228cf03f81a6a6a6c9fc08367207dd9d2e80af89932702e7753ea25a05cbf |
| SHA512 | 887373b59402e4eaf4059b8de5b5147d6266a117797c3022ee825f5531c6619c5cbab46c1fc2960e9192e6c77ea8b663e731c36b6a582cff7cf0b746b957f431 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a683a49c2f41ccc036c35dd765b77937 |
| SHA1 | f647505f83933def7003f0063dd754f71aa15876 |
| SHA256 | 947715b9244643fc2b1f0c398b7ecb2b311646a18742b74409c7db5a6c85b15d |
| SHA512 | c4215c118a84e3376f45b6ec0f660c32198135e0d690929cc05e53b4d43531f0676596037df4a770adf13db6b8b1094bcb521abe75adafed0995a05b26f4ac58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d7753f34af93317e99b4157c7e5998c |
| SHA1 | 4e86ec09ba8574ce8b93c006210214afe800bfc1 |
| SHA256 | 40cffcf5718f7368bc8021fb30993a5b0eca250dc48b069c632803efc583c01d |
| SHA512 | 581233cb2eb5a8f0539eb79202df494d389ee499f88734ab81d843c117a7e9d436be9bfa212093c1c76a242764f9fba2cdbc59afd73bccf477c12c8e77de1ce2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 872d5bb237198a0d78e25934fd8c77aa |
| SHA1 | 7a14766134fd9164118b0282bb7097b784485c63 |
| SHA256 | bfde17c5b1fa7e9c6b196c6633866a08613b27154277785865a9c4b5a5f4674e |
| SHA512 | 442259b3127e21035da78814ecc591ae945a3a42b8adca47d9937878ea7b3f44b0ab808e45fcc7f03cc76bb5b909ee6bf17441c407374fab61f12b70f1898f17 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76cf3d30a633926b5b4151ede94fc31c |
| SHA1 | b872c36c0eb957273d0f322ab470d44760f8290e |
| SHA256 | 619665c729e18ac72e3a48d591f717c17a7d4a361ed4a80084f87fc06f9fb2ef |
| SHA512 | c1d136cbd22fb6882247af9b7a71f104599156ede74ea556b11551c2266f5b2df61922621cacd83291cc8db4c3958849224da344034632f7f67997d0b0ee691d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c979099ee1d5b926adafcfff19fa77ff |
| SHA1 | 43c8aff0e0befcf9a590ac164a24b7c7e6887cf9 |
| SHA256 | a3b5c322d2c87e6d39b07d08549e71c0e6b612e98800877bf5fac976ddf6af8a |
| SHA512 | 9cb616421b5d7f4d4c557f383ded2d9cf8f67c66ff75f62753deeddc6b6f2e1080bb0990a7a908f7dff0e4cd2e6495e404f6db93909faf8b56a2cad9354ebe1d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c1f25a9358e07a1c4c209fe5469251f |
| SHA1 | 8d7327bf45197769eb7a5c97d841c29738acdd40 |
| SHA256 | d3317bff838e5fad6dc5c649bd93d4e2862cd8b9b49a650595c678ff4764b6a3 |
| SHA512 | 5f2166bc6e87f2783081f09edc8b4b25c63e71ef9f47baffdd73a889132964d90e959d41bdf433fb43b1bc0e83279130a938958af9ed6f19977adfabed4ca023 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a448c7267ebba115034de103411fe31c |
| SHA1 | d79087a658a1dbc5462c99b5430caaac62f3d438 |
| SHA256 | e11ca2ea53be980644b0f105a35ceb9f477f4a63ac6ff45ccfd8c68bf661a70c |
| SHA512 | 467e3442b14983cb8d364be8ac8eaeb467353f08725ef67e8b5c8ed2a304c2b56c08b4d85d72b5e1e8be990179b5052323ff817dd924450877839969d0a495f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 82b90a8fb0c3e53a9f72f2c5d97def99 |
| SHA1 | 32165b7891e05430d28916379b1d4d82a9ae53a2 |
| SHA256 | 81bd03b732963d64dc1ad301893f58f2af1966c788a1d06afaa2f622be42e019 |
| SHA512 | 8d5ea5c4932856ad404c11635c538b799e1e7493224baef0c6412121a8112caadc887c2cac94bd21efc698475c4b0c22e27af42b2317b52d29a344afe66668b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4d6c02a1c37cc5be20d5782993f61d4 |
| SHA1 | 5dfa31caf989bbf5b05e0ef6866cee2c58d82a5c |
| SHA256 | 8bb27d4a2d27fd7ebec866a2b75625497fa76802d4db9e4bcd8a091eab8b660e |
| SHA512 | 200a13e75702925ae25589b69b49ed44b70b081c8d5a7463b6666ea759618937870e201ae01c096d9635396dc3cb0c51d95734ece672a8d71d0f3a9fc6ebee5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | deaf4b92ceb350b61baf2289206cc1b1 |
| SHA1 | 4bd708fe3c5ca5b7d6b2b4eff216d1c7b1a27c9e |
| SHA256 | 0475519b9a4d9f09cb9b59d1a8f7ad0b6ae3f4d099bb424d473f27879061d14c |
| SHA512 | b6ca7a5c4548b06a249233720d64d288c028b7d2b6026964aba61108e198f9e6463d5c8d735d118e7d3768124f91921050534af06953f527aac3a5b3a31b613f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f5811e1bc15e69273e94e13f0b3ef04 |
| SHA1 | 53e6986ef7d83fe2a3925e71dbd1461c0fb809c3 |
| SHA256 | 7909efea24f37327345f2689e57ca78fd62d825d0c2ce96d44084a9f3aa0f799 |
| SHA512 | 90e709c619f3457323a16cae9539d5f520eb23c0d1204b375cd74a6c1c9fab9c5d8c886a400f9e142a159eca2ef51faa7be6f9a311bc1b02e798d549e4ffde8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 972809a86ac94fc6e9ddfb231e0a7420 |
| SHA1 | 86d04588db834e612e99095f3934c6d831ac8a24 |
| SHA256 | dc7b143c4c7984f24da92878fdfa55a5e27802edccce49662e12b2423f6a4f5a |
| SHA512 | 148ac89871cfbb7088f3935474cb4b70f109db117f6538506e0afde014736bb56d8356ee9d856cb445118bc28cd92cfbd6695435ce27db55e8b553c745106ba7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91116f208dd8d8491938124243a0a24a |
| SHA1 | 828e30225be1ece49ec7ba7fa687715a8a693f6e |
| SHA256 | abfc3c5dd299273d3ee8d4be3bcb03b7292625bd137ab99f2e1dbf4917c41f75 |
| SHA512 | c5b580aa0afbca4dd4162fa1ac56fe8f00c4ece1963bf7642719c28f57ad34ea0e0fbc212e6aac0f14919617f7bd5dd8e3511e8f77e3f337d24974a83a0d2730 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-16 04:54
Reported
2024-06-16 04:57
Platform
win10v2004-20240226-en
Max time kernel
138s
Max time network
144s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b1cf832928bba1e48a9ff55b49669c1b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3724 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4972 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3372 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5432 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4832 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.me.com | udp |
| US | 8.8.8.8:53 | www.me.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 17.164.2.10:80 | www.me.com | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| SE | 184.31.15.40:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.icloud.com | udp |
| US | 8.8.8.8:53 | www.icloud.com | udp |
| GB | 23.208.240.96:443 | www.icloud.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 40.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.2.164.17.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.240.208.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 52.168.117.173:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 173.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.150.79.40.in-addr.arpa | udp |