Analysis Overview
SHA256
796fdb5393abde674ea897d31432e7e903e653e6426290530da1c37100378ebb
Threat Level: Known bad
The file b2a74bba7f14c6b0d76c8b98c09b0378_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Ramnit
UPX packed file
Executes dropped EXE
Loads dropped DLL
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-16 08:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 08:51
Reported
2024-06-16 08:53
Platform
win7-20240611-en
Max time kernel
118s
Max time network
128s
Command Line
Signatures
Ramnit
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff5600000000000000dc04000065020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb810000000002000000000010660000000100002000000081e12e21188c694faf5a0996e4e1b47d1c2180acf0dd56d5cc3bc4b4d715d3d5000000000e8000000002000020000000d91adb6ed000ecaf397b5d5ad7b5bd8068a00edd40f3ff420efa8f915b92986c900000000812337f530338b9a70c875a2aaa99330acfb165abf0b8791f9d0a79a374a8d696369ef236f5d9717c5d5c19b5bd9c865e1067e4905cc4d0eb3222c19d1f2c540ef86c2ccbe30fae06dc68444debc02e544dbc8f7b438e743cdf0682c533f8fde646264c1e098559ff35d09cc2be9364ec12dadf2c4dbc8a7189c4e06bdec220882ab8f00647d51a0da6626185e3e1524000000061926ca54d451cfbd3c62564a082957c0496f3abbd08e8be84e546e8f39d38b70f1c24008e23d017bc738f058c98c022cbdafac6439c29959b5f49c7c077ec5c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff6f00000019000000f50400007e020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff19000000190000009f0400007e020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30539166cabfda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff00000000000000008604000065020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000009328ca2ba4b7da242cd890e7bb6f007d35f06e2e018097a8a1572724a587d537000000000e80000000020000200000004ba8b61f3f9d25e24b7af7b1d5d5777c75b57d1503582cb9bfb17bfda61d570f2000000013eb08dfc09dbe8a26353bbdff5d6d0f14cde3f0d03eb10a63352e2b3676054f400000004c65b348f0dc3b2bcae5f1d5656c263443b05a589f5e39eb154ba4260660c928478dc6e1929bca26be62a7bdb9acc2e84667007392e3a2a668df27562cbf7bad | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424689733" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{919539C1-2BBD-11EF-B9DB-4A2B752F9250} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b2a74bba7f14c6b0d76c8b98c09b0378_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:734213 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:406534 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:537606 /prefetch:2
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:209934 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:1061892 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.wangzhuanjishi.com | udp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | dfb5daabb95dcfad1a5faf9ab1437076 |
| SHA1 | 4a199569a9b52911bee7fb19ab80570cc5ff9ed1 |
| SHA256 | 54282ec29d4993ed6e9972122cfbb70bba4898a21d527bd9e72a166d7ec2fdc0 |
| SHA512 | 5d31c34403ab5f8db4a6d84f2b5579d4ea18673914b626d78e458a648ac20ddd8e342818e807331036d7bb064f596a02b9737acac42fbead29260343a30717e8 |
memory/2736-12-0x0000000000400000-0x000000000045B000-memory.dmp
memory/2736-9-0x0000000000400000-0x000000000045B000-memory.dmp
memory/2736-13-0x00000000002B0000-0x00000000002B1000-memory.dmp
memory/2736-11-0x0000000000220000-0x0000000000221000-memory.dmp
memory/2736-14-0x0000000000400000-0x000000000045B000-memory.dmp
memory/2736-10-0x00000000002A0000-0x00000000002A1000-memory.dmp
memory/2704-24-0x0000000000400000-0x000000000045B000-memory.dmp
memory/2704-23-0x0000000000400000-0x000000000045B000-memory.dmp
memory/2704-25-0x00000000003D0000-0x00000000003D1000-memory.dmp
memory/2704-26-0x00000000003F0000-0x00000000003F1000-memory.dmp
memory/2704-28-0x0000000000400000-0x000000000045B000-memory.dmp
memory/2856-45-0x00000000002C0000-0x00000000002C1000-memory.dmp
memory/2376-47-0x0000000000340000-0x0000000000341000-memory.dmp
memory/2376-48-0x0000000000400000-0x000000000045B000-memory.dmp
memory/2376-46-0x0000000000320000-0x0000000000321000-memory.dmp
memory/2736-49-0x0000000000400000-0x000000000045B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab26D5.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5110a760b11be0ea23461c923d89f7c |
| SHA1 | a46d702d199e66d38bc2e06373019cc34f1e75d0 |
| SHA256 | 459172fccbe9114393e0f16e89c9e6a594cb95f975cfc926ec7f8ec86191c7cd |
| SHA512 | 96107638dd09add3d4a939fd17e086dc7fff559936bc54032a06a2e8c06269179ea88483bb70f481618b50c2a7cd44e288bd678a39cd53deeeecd5872bc2cf50 |
C:\Users\Admin\AppData\Local\Temp\Tar2788.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d46d39aa7308532f13fb757ac7d113dd |
| SHA1 | 44248696253e170b2796f637757103254596f43a |
| SHA256 | 50d0db9607df8ec5f23a34214a866f0a0b4633ccaa9d67b349f086687d046c91 |
| SHA512 | e2cce8c3297ea939764a11cc11d145f7a0c5a5fb3c289ca02bbf1dd112c7f4014241e3158050f123d50d31deaec67e300882a1e68a6baab0eecb00da4ad4cbc9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ea3d299eed83c94f6757443e457119e |
| SHA1 | 504dd036335e387322873d0ed5babc2374c3bdf3 |
| SHA256 | b3bf57fa2752218deb9dd134c9e537eebf16cf26cac5cd1c154387429d026de0 |
| SHA512 | a27e9afd6714cc80f36ae13dd562eab24d3465bc0329b6ce10a5d02a2c51b8db66ea403bf3f523dd1da4d993663d81433515e6cccb6f2f77daa81afaf792cd2c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50441c83ab0697d2fb37429e7a3a3380 |
| SHA1 | 8f13debda71c54d28dcde12cd23773bcfe290e4f |
| SHA256 | 73f001b2296cc8fda869f1bf1e33a18c7de4c51ac77a76237ba15c0f1a82dd65 |
| SHA512 | fc2260b24e4821fad50898168040cbc90753a852ac639a21ca9c71052c9fdda002ba990a2c278bf8b7de45cd4af691cdc1e246d5b651699a38f2f9cf80ebda90 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | facd0181542077a8c55f7dd8c1b32146 |
| SHA1 | 62ce23fc0e8b41acb141cdc8bfa90e5da4cd5092 |
| SHA256 | 39f19eed7daed2e5cc7b37c559b1a37d09cb216cf2d7077ad08235d89a11d2e6 |
| SHA512 | 577ee3eba3b9df7499553db0b36b9089ff6fe50e68176a1004e004fe7e46730facbf07da32b3edcce38c964affc715663f177a39a71d9c791fd4b0a470cc60b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8729b2f9defa2a142c10cfe1b86002ac |
| SHA1 | 9e51b60ee955eb1a1d90f04484e1b6d06893d6a6 |
| SHA256 | 88b033bd25badfa0cff3095b1548e0f3c7d896a4c0d4afec80b91bb034693a8e |
| SHA512 | cd38a4caa6a64978d7f88273f1476788c5fde7050f503a1ace0d62a7e169c1fc98a9db4cadc1b35c589efd89df0c7385191a02e1a4f9fa8983822a1d2578c7e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6052853c302fb0bf3a6d60e487134d1 |
| SHA1 | 6fd0d0751e5530178843f6f1b55ab09a38990f51 |
| SHA256 | b8edbd71fbded41a238baeffc2507f32d67526bda94d4cbc553da7d5dc3a6049 |
| SHA512 | 5df257460d17e299bba4753b1533b80b666b3ab6f4769858458bed9b196f6c8a92bf3592a8239d078b15ec1368fc582e6e3cf372a67bdb17e418fe6e2d808561 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 774da9711f91c0f7e4ebf935df51b910 |
| SHA1 | ed108fd26dc40e50916f5780647310f6b69f4f32 |
| SHA256 | e8505bef3f41770768c418c5e0d2078beafbe1d654239ba636f5c8d33aedd076 |
| SHA512 | 0251dddc8c1baef6bdab2b8092f49b22dacb833c228b55f2dd4f0d0ac3555bcf64036f3bec1a614cdd1395b1ae56fabd6db19b9b4c63f918a1ad24fa20354e69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc1c3ffddce5243caef9f3fda1400d24 |
| SHA1 | a4486c4fb39444e95e6158141d0294a858a0e66c |
| SHA256 | 11f1a2d209e2e56f1a21f8c517f0bd61895d498ae957c7d72b5e788cc4f67fcf |
| SHA512 | 24572e08c8a87bbe9f45436b69cb6ccb8cb9294445a4b1050a741b08df10536b8d407b09e47cc4f04925fe01aa6bd1df964e2559a81375baf50f53536c9aef6a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 441ee8cfa408d876c0a36c7e49d314fc |
| SHA1 | ab66817dee974dd0d368df88880962e176bea950 |
| SHA256 | 210e46b0fe9abb039383ddc705e60396c24d9415e32e4dedeef1d1e3d7dca80e |
| SHA512 | efa970217e259cd4c891854c32989098fc169d4bb92b30ee24a387c21970be874bf121c4451f71b4155978dbfa32ba807bf6071e2f0ba0054c3b867ba947cb25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 205f1b700ce7721cb80b71cd27117ee8 |
| SHA1 | 16b0602d4de4a85172101e9fb2770450a5af8665 |
| SHA256 | 7826192ed32fa23c2708124fb77a95c81f9f5b500275e0f07f61ca2ab8d5eafd |
| SHA512 | 8b22a6e4cd2be4e0a3bb16164484940d4834ce8005ca9ac55f1ab55b3efafa43f23c91924cf3f2f66d2d442eb594812f20c4adc6dc34ec1cdca3a35ad7c159b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90a74579260a6579cc47a4a709f920d5 |
| SHA1 | ba5eb47d6c439926ace44fa547c61c4c23dbdd37 |
| SHA256 | 14fb53dd0d217412096cf406bb506883faf9cc3ad8250f5146d1fca1b8570c73 |
| SHA512 | e6e08fe20d0b4aa3410da1c3b97303df7d6f1c34fd474a2842f4614c578a7924e0a1f0ba040c4af8945fbe1628c2d9297a621a10b28f38622c8b5ba4cae69014 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36f3275b60ede025cd39810c25ff7a21 |
| SHA1 | 261b47ca3b54a74a4c582ea04e71a315ae962d47 |
| SHA256 | e7f58580ba0524145aaecf9ee2605cba3232b5cf75728683aa24fa9e5d2995a3 |
| SHA512 | ffee17f9702bfe5804085c22e5e7821492bc67d2cfc0c8c41faf6e8160963c599e811ba967d6bee83409758d1dc9e3f7231057ef569caa14115f69da66379624 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 82edad352cd843138ceca88886d38fe3 |
| SHA1 | 160f3d1ffbe1468cd346afc35ceb7800a013a85e |
| SHA256 | dc81a0cf9175670baf6b88824eb9bb3e5248d961b8f74ea1b95fb83e2c5b50f4 |
| SHA512 | 50d40a58da496d5d9aea89f99dea7f19047aaefe3cae2cca59bfeac32855de0ac42cc8eef71b17a33752e37858f3ae84e3d4f84d17ff08b9fcd0f612331c1168 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 124db45b12021e1cedeb647bfe506857 |
| SHA1 | f1ebe9da6fb4166986dce0a0cc62d547f5512739 |
| SHA256 | 50bc9b154991d2320da479632e909e05a5d80e410a548d7cd84c1f1bee651a18 |
| SHA512 | cc62d9c33e6f673af116f93915e15cd1d54141e783a5835ae2b5b330f7263258aa407a934ff80b75a3976fb3fce56658f968544bf578a5689fd046b4982017c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35a3c1e45c30cb60f107f9689aba5062 |
| SHA1 | 8d457a0ce60abaf8e1a1eeff292439c75985892a |
| SHA256 | 55acd101dab82d32042c31162bef3abaa0f23e522b7424c8d79e9880068e488f |
| SHA512 | 5c529dfbecaaf52446ee4b286303d2ae5a295d0eab56da6019aa7c634ebb4dc3418da651331b20112468699d7d1719189ae32405922df86abc7095c2e879fce8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8d3bedeba9400f4cca26c93f5186a5c |
| SHA1 | 94f732bdffea6aaae027efd9b128a39f6e3280fd |
| SHA256 | 0e7099310415c2d68607c298980835db4fb10953112180a7c01ebddca65fac1d |
| SHA512 | c837279695537f2221d628f102fe1b2c70aceb59df4588795fffe5e88e5a6c957030c453e768305f6dc0f78065a76257e0f937504a80da348bccca22afbf2de9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a7ccf0d1f138e1be8cd23faa33a858c |
| SHA1 | fcdcffda2bca4d7e5ecd604f1b0d6b251addff69 |
| SHA256 | da94dfbda21a10d16a4f834dd04c13b062eff2d9508c09a0231181d533538bd4 |
| SHA512 | 38e3a10ba1a496ab39ac12af216e635442437a225fcbad20b9550c61f57581bafe2b8c3bb3fd612a2f76b38398738cda3a63985e8558444d5d57e039d965a1a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e42270bb5b5e26f201a36d963ba7b62 |
| SHA1 | b04f21edf983583ef575701eff15b8f65132d2ba |
| SHA256 | 2cc9b5ee428287c1b37838108a4c7352596bcd0b404a0c56505da17d256b2d84 |
| SHA512 | 08c8e14d6788b2fa1e0c4ac1f92c10089b692d4d08853cb39f0eaca55f2a9f5d426ec70affe5346093ba1d31a9f760ef52e1db318b03333cc8186a57dbbd0a61 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-16 08:51
Reported
2024-06-16 08:53
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b2a74bba7f14c6b0d76c8b98c09b0378_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4288 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5784 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5660 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5444 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5192 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 96.16.53.162:443 | bzib.nelreports.net | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| CZ | 2.19.217.218:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.wangzhuanjishi.com | udp |
| US | 8.8.8.8:53 | www.wangzhuanjishi.com | udp |
| US | 8.8.8.8:53 | www.wangzhuanjishi.com | udp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.53.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.217.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.wangzhuanjishi.com | udp |
| US | 8.8.8.8:53 | www.wangzhuanjishi.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 52.168.117.173:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 173.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.53.16.96.in-addr.arpa | udp |
| BE | 2.17.107.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 129.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| BE | 88.221.83.210:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 210.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.10.44.20.in-addr.arpa | udp |