Analysis Overview
SHA256
942353c71456ab1a0448ae9ea161cdb10cf85770e577d39c2f660193bc3efe9b
Threat Level: Known bad
The file 787d7fe12ead5fc31da3ac6d5bb4e1e5_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Raccoon
Raccoon Stealer V1 payload
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-04-01 19:32
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-01 19:32
Reported
2024-04-01 19:35
Platform
win7-20231129-en
Max time kernel
141s
Max time network
141s
Command Line
Signatures
Raccoon
Raccoon Stealer V1 payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\787d7fe12ead5fc31da3ac6d5bb4e1e5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\787d7fe12ead5fc31da3ac6d5bb4e1e5_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | telemirror.top | udp |
| US | 8.8.8.8:53 | tgmirror.top | udp |
Files
memory/1872-1-0x0000000002E60000-0x0000000002F60000-memory.dmp
memory/1872-2-0x00000000002A0000-0x000000000032E000-memory.dmp
memory/1872-3-0x0000000000400000-0x0000000002DE5000-memory.dmp
memory/1872-6-0x0000000002E60000-0x0000000002F60000-memory.dmp
memory/1872-7-0x00000000002A0000-0x000000000032E000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-01 19:32
Reported
2024-04-01 19:35
Platform
win10v2004-20240319-en
Max time kernel
148s
Max time network
160s
Command Line
Signatures
Raccoon
Raccoon Stealer V1 payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\787d7fe12ead5fc31da3ac6d5bb4e1e5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\787d7fe12ead5fc31da3ac6d5bb4e1e5_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3628 --field-trial-handle=2256,i,16750283575152780128,2524258836761969159,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telemirror.top | udp |
| US | 8.8.8.8:53 | 40.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telemirror.top | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telemirror.top | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telemirror.top | udp |
| GB | 13.105.221.16:443 | | tcp |
| US | 8.8.8.8:53 | 234.109.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telemirror.top | udp |
| US | 8.8.8.8:53 | 48.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.110.86.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telemirror.top | udp |
| US | 8.8.8.8:53 | telemirror.top | udp |
| US | 8.8.8.8:53 | 101.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telemirror.top | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telemirror.top | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telemirror.top | udp |
| US | 8.8.8.8:53 | telemirror.top | udp |
| US | 8.8.8.8:53 | tgmirror.top | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | tgmirror.top | udp |
| US | 8.8.8.8:53 | tgmirror.top | udp |
| US | 8.8.8.8:53 | tgmirror.top | udp |
| US | 8.8.8.8:53 | tgmirror.top | udp |
| US | 8.8.8.8:53 | 211.143.182.52.in-addr.arpa | udp |
Files
memory/2452-1-0x0000000002E10000-0x0000000002F10000-memory.dmp
memory/2452-2-0x0000000004B40000-0x0000000004BCE000-memory.dmp
memory/2452-3-0x0000000000400000-0x0000000002DE5000-memory.dmp
memory/2452-4-0x0000000000400000-0x0000000002DE5000-memory.dmp
memory/2452-6-0x0000000002E10000-0x0000000002F10000-memory.dmp
memory/2452-7-0x0000000004B40000-0x0000000004BCE000-memory.dmp