Analysis Overview
SHA256
111a140240efe493aa5370b8587735b7b3ae9ecd6bd79adf372464ff8036bb96
Threat Level: Known bad
The file 0fb4668739fff9075a4f596c307333d6_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Ramnit
UPX packed file
Program crash
Unsigned PE
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-25 22:08
Signatures
UPX packed file
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-25 22:08
Reported
2024-06-25 22:11
Platform
win7-20240611-en
Max time kernel
133s
Max time network
128s
Command Line
Signatures
Ramnit
UPX packed file
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{808B6531-333F-11EF-A01D-D62A3499FE36} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425515198" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{808A53C1-333F-11EF-A01D-D62A3499FE36} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2920 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-25 22:08
Reported
2024-06-25 22:11
Platform
win10v2004-20240508-en
Max time kernel
92s
Max time network
94s
Command Line
Signatures
UPX packed file
Program crash
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0fb4668739fff9075a4f596c307333d6_JaffaCakes118.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1348 -ip 1348
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 264
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
memory/1348-1-0x00000000005B0000-0x00000000005B1000-memory.dmp
memory/1348-0-0x0000000000400000-0x0000000000462000-memory.dmp
memory/1348-2-0x0000000000400000-0x0000000000462000-memory.dmp