Analysis Overview
SHA256
c84b8140e58cb9a18e18756bf5f08b1d7be318d2abb9db005ede3aca89b913fb
Threat Level: Known bad
The file 162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Ramnit
Loads dropped DLL
Drops file in System32 directory
UPX packed file
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-05 04:30
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-05 04:30
Reported
2024-10-05 04:32
Platform
win7-20240729-en
Max time kernel
121s
Max time network
127s
Command Line
Signatures
Ramnit
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8850CB11-82D2-11EF-8BEB-4E219E925542} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434264489" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8852C6E1-82D2-11EF-8BEB-4E219E925542} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/2064-1-0x0000000000220000-0x0000000000221000-memory.dmp
memory/2064-0-0x0000000000400000-0x0000000000462000-memory.dmp
memory/2064-3-0x0000000000400000-0x0000000000462000-memory.dmp
memory/2064-2-0x00000000002A0000-0x00000000002A1000-memory.dmp
memory/2064-5-0x0000000000400000-0x0000000000462000-memory.dmp
memory/2064-4-0x00000000002B0000-0x00000000002B1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8852C6E1-82D2-11EF-8BEB-4E219E925542}.dat
| MD5 | 9781ebf969814bd25f6c40d0805e2e64 |
| SHA1 | e80d7108de7432368e976f755d901477161cac96 |
| SHA256 | ecd5a206f8fc0b6fb3ade3e43ecb09f34f3f9ae2d0c8ea374fad0246e98a1e44 |
| SHA512 | cd14e5041d41e2b289d6b1ec07e998d820dc878e555ffa9db9703481a8201fc446fd8fe4c2ab507bc4c42f6b975f0a6d97b2986f76fb733bf1b840bc13fe5966 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8850CB11-82D2-11EF-8BEB-4E219E925542}.dat
| MD5 | a217fdd7bef1261bcca913a8c648c8fd |
| SHA1 | 73b36a8d58acb2a49705627cff98179708e20881 |
| SHA256 | 4066ef6d43d89a9b6e4257963069606ca82964d085371703b1aaffecd4915ad8 |
| SHA512 | a7057aa9954e52fa2feef5ffc49778160b326e4879fc1c97f28e04e6ebcfe7f36d21706cd65523fbe59e6794f68bead73fdf4c05963415840af71955661d7087 |
memory/2064-8-0x0000000000400000-0x0000000000462000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CabE8BD.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarE90E.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2fc95a114bb75966ae477fb31badea00 |
| SHA1 | cb1470d7a8d2995627b1759d4174a23ba5b293ec |
| SHA256 | 7ac7c2502511abfa8bdf61a9688b281b594e6f3e28610de43ee4f90b19d6b693 |
| SHA512 | 0e167f1464d1ca262c642fe253a5b1dc5f7b96c7c229c0a72e2e24a91d2fc137fffd2d99a92e4fd85c610aac6931bd5fc62eb2d014f7e670a82d4e4b147c2374 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7ca6ab8127730aa67a738e800b41bf2 |
| SHA1 | ed1cec264a51f06f785a0160cbb272302396b1f0 |
| SHA256 | 5267dba14116d56a7a79a2c086a45852b2d54af5dd7b8b75ef175c92e4b5b5d4 |
| SHA512 | 7eda262340a0f66127666680c61ecb78f428734c0df75263025aaed32d570fc715da57fe4a22b28940f56fe4227004c9ebdb5987540ae1de918ac7fac5e0d58c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad84da43ca1d5b49409068ed151dccc6 |
| SHA1 | 61b30b96775031a3acdc1704c797e7001262960e |
| SHA256 | d952e2fc3bb3bb7551da3a4c417d4e3aa48c0b583c56881c76fb3a0371ce9929 |
| SHA512 | 30181ce52f727ec3e6e9e80b824d8f80dd6b7ddab41e795b7cb0e0fae3ad69c5f6f807775eb6c4ce1a14a152d1213c66ef507d230512f1fff97aa576b1d2fc85 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ff17a6f3b19b1ba0dd3663324188bb5 |
| SHA1 | 3bf24fa89c89a21808b36c9111836df710507ce9 |
| SHA256 | 2fd038fa8f4ac86bb37337fb02e7cd53d2e7b34d2265150e5794b9fd755d9253 |
| SHA512 | 7a3417ed5ede8097af71d16eb19e0a6a64fb9e79361784577ada8e6045a3f82d5a30424f732436865c47509985571cde4967342b77a437494c7f44e0e35405d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 853dff1ee0720451ed5b48d211df5016 |
| SHA1 | 6ca403e1c672a42d21795f9cb3459282b4a82221 |
| SHA256 | b3fcd96c382b356738dd4e1c1d8a5ffe487acc45ac97747f977ac3c08b124d1d |
| SHA512 | 521ad744b2794f02424f97aecb553be9b704cd08e2ebc7703275a3b22be3ecdbb4a460ddeabe67f9538820e95d2118810568182127cd640da0aa0bc9e6449b8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bf3120e8ef573aadedda8a0dce8b5397 |
| SHA1 | 9645975dfcdad65c841b03a119c285993ecf477e |
| SHA256 | 5bf6dda2d2bb0023e679214577b480a378aff5004b2fa1b395499a412c1fbdc1 |
| SHA512 | 7d6d42260808437ff6625ab79da87aee50f21d2a66d0e6c7a5891fd2493f9de3f68368247b95fdd5baf41b1e2cb9fdde80b3561a7ecc2a25c81c6d580fffeae7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7fd5a65f74bbc1b4e05a23cd8b7fcf9b |
| SHA1 | 57e46de1aa20f75808a354c61439786fe99a44a2 |
| SHA256 | 96af861b862e6937cfe1a37b63b7e593fd74142f6c0d3baee37ff6c6b513661e |
| SHA512 | e21b56060b5692bad7d2497f5674863f2f3583ddf156bd04b56e32f76e5ce19dd2e00be2420f8edc26193f0cd9b8b95611dfc0bd3ba741986afa5fb55cef2a0f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39c808e32bf0dfe722829571261496cb |
| SHA1 | 1511f554d16bf0410bc4a073cc821dcc6f398bf5 |
| SHA256 | 9fcc7acb50ebdf26bf809bb75fc6dc88e060d4965af3285fe97c6abbfb87011d |
| SHA512 | 34b2260cb600ac355e19ee2b122b245b1fa0b0f157d3c8f45b9370caba43c7591e4174f9554aaeba81982646b1817125119360d1f5b8ab7b2b53f9cded49449a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dbc8bcf6be9dcda353eb45ed15928ad2 |
| SHA1 | 9ae8236c2e474366c8d3234f94bdce2c23db9178 |
| SHA256 | f89c5622817250d9da09f9683ebe2cb0a979a11b8634a8f77318ff31337eff84 |
| SHA512 | 22073a51d13815fed9c23770bfd714fde4ff7094a711be944298f739980a012c575b076d1aab3c73690f7d8e45478e6fd12f41e000f7e5d3f173f7f441002e0f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ab342ff51a7e1c21cb9bbc15d51282b |
| SHA1 | 403bbdde02081d28bf8aa5bea3872b5ad16ba7ae |
| SHA256 | 647975bcfc188477a728d6f8bcf491373c95c445443927128ee1da00294b3356 |
| SHA512 | e32ef64bda73c4285b13bb6bcee191368d3be38c9cf852796bcd55b0775123801aee84010391653958e9320db2549927fa1c6179cb656b22c60555fbb74d785e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a559568c47800e43da4d4af7157499e |
| SHA1 | bab7cb07b919c569dd8af32d3a4e4ef247f3cd47 |
| SHA256 | f246bcb113064a3b454c4c8dd2e98b38d0b2c9b89047967eb497e101dac7d0bc |
| SHA512 | 7dd703f74955a726d728d38432ffb021569f70c304806b686823656fac067f84189b5de05c2f844360e9233ab3e388eda16f1fe55459dd79cd2bf7f69a0fe7f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9017b74ee81c4dc4b10f70e75fe952f7 |
| SHA1 | 7cf3b88092d87d9197aa641478f6c9a0a4558cbc |
| SHA256 | 3c2b2278091798137dfa261789484fe3709baf8a9d1ac93b94440f4e7f42d603 |
| SHA512 | e431a52ae0c4520a31c9e913abfcf960dc3245725379639905aba1879c6efaa9a04dce8718177e771ab4ff6c8405f965c543e7ff92885f910f65c6aa0d424400 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 563dc0341d6db33721cb7b64002765d1 |
| SHA1 | f3dd859f48311e9937e4d9b4fc7fa9f5a7279b35 |
| SHA256 | 05105468138f12af078a5ae5020e2fffbaf49034d1a82b4cfe613278f005ce8e |
| SHA512 | d77584e6cbc6a565c908d7bd0e3c93015e9a2daf9dea3febfcf96748287d73e47df16d587d0732784bd1edd33c0b0f1355bfa17607bb2d881bab848ff97a3805 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b5820bfd40d8f88ffda5276e98d21cf |
| SHA1 | 61ef10f102f5a8a5f5bacfc4a36a2db9c4fe7d06 |
| SHA256 | a494ce8cb473569d844972e8c2386d26f41fe5d50b6117982f6035503373095f |
| SHA512 | 30e51ce5e62fbc936b17803ceb22100b1cdef8cfa29e363c9a61361e6eb1c7cfbcdfd32e1dbf85f2764fc63b19ec7f8e6443b62e6b73ef208f402ed5bec9ddac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 940066f4b56350f5c71ba4090f0c7792 |
| SHA1 | 47e21c6ab01a6689e916295385e7a9b17ca7e809 |
| SHA256 | 404c0b37c22e8f7538e9c0c368dfde273abe94df110c0f219ec788ee7576f831 |
| SHA512 | ce507995b35704d221c29e47e08b3b73a93583ba0391262afd6d721ab2d32c2bc8aa6a9e7bc8c62624ad789db753cdccc39a5ced2471eb4419c84c9d02b4368e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3591483c30eb63ab0a22118598aefae4 |
| SHA1 | d03e0e574c3a3c2d26963dde2bf500249a6763cc |
| SHA256 | 749198c9fdf36f6ddd02f672bc5e45e28089baa5dd82d17948e1ec253b2deb89 |
| SHA512 | 97fdc35e7889d3d1ae2e84079092d070a25da3e3fe4ff5fcbad589f7d076ac3b96351841a4e7337cef0b8c2d6b6c282fc0e58d95e508a666921d742cb263b0da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec67534ffff26a13ed1bb56ffbce9c2d |
| SHA1 | fa03a6ac33d1510b66989674aec221cc5cd96382 |
| SHA256 | 865332b946e80195eb8a767f626cae0999b7dfeb78a439aea494009be8d833b2 |
| SHA512 | e6c3959e36033f40016b5b82c199ac5cec78589a034450f933e793e045a45f6e5ac410bba74e9a201bf5f0f0c1dddf2491e06f470478f19dab53f8fce2788371 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f5f8e214dd1f9c22935a44850fdfbc85 |
| SHA1 | 1327cc84706d4dc0cb09c6d42a2f11e135630b61 |
| SHA256 | d7af1892ca931918f40fbc36de32a977d543323f544b719e791e36d88dc0d1c8 |
| SHA512 | 617f16988855dce79867e08075804c2b7c4c1cca9d6f574597f4f5c9b40c5baf3e2c245f008d35153eb0434408bca8fbb5717056ce4c7f4f9fbb5f4acacaf1fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06ebf9076c43673e69a8d5bf62deb294 |
| SHA1 | 8efcdf2e1fa6acfb6188355a9988267ec36c8cbe |
| SHA256 | c436c2d507b81edf48d03a3a9da4ddc2e073b2dbee6453a65450e7de01c67f80 |
| SHA512 | 6336616aa7f9a61fc3535716c3f3d971a72e517ebead3e61336688bce456f588f3d8d59c94fc6b9a073276003e85921e7e3f7963f2e5e794e2491496442fd8ca |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-05 04:30
Reported
2024-10-05 04:32
Platform
win10v2004-20240802-en
Max time kernel
94s
Max time network
150s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\SysWOW64\o~305140.dl_ | C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe | N/A |
| File created | C:\Windows\SysWOW64\o~305140.dll | C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
memory/2232-0-0x0000000000400000-0x0000000000462000-memory.dmp
C:\Windows\SysWOW64\o~305140.dll
| MD5 | 379d7c0b2dc783571e4b008108f115a5 |
| SHA1 | 1491d9607cc368bd7b2e081c7ab8597deb541821 |
| SHA256 | a9e77e5865e5c4aad84fb4c77801bf56b2e2a6a94ad256bd079deac24aeaa96c |
| SHA512 | ae80450a8d0720b14295329c983b38beb39ccd4d10cc2296189b9ef1897b2f298f06ea2a0deeba1c43b2500449160433ae419e1a21f87c3493b1bbac91dd4e2c |
memory/2232-5-0x0000000010000000-0x0000000010015000-memory.dmp
memory/2232-7-0x0000000000400000-0x0000000000462000-memory.dmp