Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • submitted
    29-03-2024 10:16

General

  • Target

    1f67cc3aee307cde9e5102d372f9b87e_JaffaCakes118.exe

  • Size

    733KB

  • MD5

    1f67cc3aee307cde9e5102d372f9b87e

  • SHA1

    9add3dadb96e4c8048bb826e652f7e5f90f2a5c1

  • SHA256

    8618bf549fe77b12325caeac35e24857145cba568d740c191a5850e2cc2c3960

  • SHA512

    e2511fafd5a44bfb4a5d091cb1cd9a94aad8f02f39f248e273aeeae805007907c438ce6e7e12de38792d7366b16e4ca56173708497ff503b4190f52d10d2642d

  • SSDEEP

    12288:8qzcpVgUXzL0TTUKZHTNloEkOpnKgofuIwV6eAj0wZxxXMcEe/3paPcgrX:8qzcpKIL0TvZzNlNky0wVW0wZxxVgrX

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f67cc3aee307cde9e5102d372f9b87e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1f67cc3aee307cde9e5102d372f9b87e_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4736

Network

  • flag-us
    DNS
    deli.mywire.org
    1f67cc3aee307cde9e5102d372f9b87e_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    deli.mywire.org
    IN A
    Response
    deli.mywire.org
    IN A
    46.196.24.72
  • flag-us
    DNS
    deli.mywire.org
    1f67cc3aee307cde9e5102d372f9b87e_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    deli.mywire.org
    IN A
  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    0.204.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.204.248.87.in-addr.arpa
    IN PTR
    Response
    0.204.248.87.in-addr.arpa
    IN PTR
    https-87-248-204-0lhrllnwnet
  • flag-us
    DNS
    0.204.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.204.248.87.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    0.204.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.204.248.87.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    75.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    75.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    75.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    75.159.190.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    75.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    75.159.190.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    183.142.211.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.142.211.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    152.33.115.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    152.33.115.104.in-addr.arpa
    IN PTR
    Response
    152.33.115.104.in-addr.arpa
    IN PTR
    a104-115-33-152deploystaticakamaitechnologiescom
  • flag-us
    DNS
    178.223.142.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    178.223.142.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.135.221.88.in-addr.arpa
    IN PTR
    Response
    217.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-217deploystaticakamaitechnologiescom
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    deli.mywire.org
    1f67cc3aee307cde9e5102d372f9b87e_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    deli.mywire.org
    IN A
    Response
    deli.mywire.org
    IN A
    46.196.24.72
  • flag-us
    DNS
    198.111.78.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.111.78.13.in-addr.arpa
    IN PTR
    Response
  • 46.196.24.72:20000
    deli.mywire.org
    1f67cc3aee307cde9e5102d372f9b87e_JaffaCakes118.exe
    260 B
    120 B
    5
    3
  • 46.196.24.72:20000
    deli.mywire.org
    1f67cc3aee307cde9e5102d372f9b87e_JaffaCakes118.exe
    260 B
    200 B
    5
    5
  • 46.196.24.72:20000
    deli.mywire.org
    1f67cc3aee307cde9e5102d372f9b87e_JaffaCakes118.exe
    260 B
    160 B
    5
    4
  • 8.8.8.8:53
    deli.mywire.org
    dns
    1f67cc3aee307cde9e5102d372f9b87e_JaffaCakes118.exe
    122 B
    77 B
    2
    1

    DNS Request

    deli.mywire.org

    DNS Request

    deli.mywire.org

    DNS Response

    46.196.24.72

  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    284 B
    145 B
    4
    1

    DNS Request

    97.17.167.52.in-addr.arpa

    DNS Request

    97.17.167.52.in-addr.arpa

    DNS Request

    97.17.167.52.in-addr.arpa

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    0.204.248.87.in-addr.arpa
    dns
    213 B
    116 B
    3
    1

    DNS Request

    0.204.248.87.in-addr.arpa

    DNS Request

    0.204.248.87.in-addr.arpa

    DNS Request

    0.204.248.87.in-addr.arpa

  • 8.8.8.8:53
    75.159.190.20.in-addr.arpa
    dns
    216 B
    158 B
    3
    1

    DNS Request

    75.159.190.20.in-addr.arpa

    DNS Request

    75.159.190.20.in-addr.arpa

    DNS Request

    75.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    183.142.211.20.in-addr.arpa
    dns
    73 B
    159 B
    1
    1

    DNS Request

    183.142.211.20.in-addr.arpa

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    152.33.115.104.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    152.33.115.104.in-addr.arpa

  • 8.8.8.8:53
    178.223.142.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    178.223.142.52.in-addr.arpa

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    217.135.221.88.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    217.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    13.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    deli.mywire.org
    dns
    1f67cc3aee307cde9e5102d372f9b87e_JaffaCakes118.exe
    61 B
    77 B
    1
    1

    DNS Request

    deli.mywire.org

    DNS Response

    46.196.24.72

  • 8.8.8.8:53
    198.111.78.13.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    198.111.78.13.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.