Analysis Overview
SHA256
770fee20d3c1a372352fc4146a3e733729f0a8ad1f6431fc8293254fca927433
Threat Level: Shows suspicious behavior
The file be737db94c439bfc4d0a515623b6dec4_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
UPX packed file
Adds Run key to start application
Drops file in System32 directory
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-04 17:33
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-04 17:33
Reported
2024-04-04 17:36
Platform
win7-20240220-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe" | C:\Users\Admin\AppData\Local\Temp\be737db94c439bfc4d0a515623b6dec4_JaffaCakes118.exe | N/A |
Drops file in System32 directory
Processes
C:\Users\Admin\AppData\Local\Temp\be737db94c439bfc4d0a515623b6dec4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\be737db94c439bfc4d0a515623b6dec4_JaffaCakes118.exe"
Network
Files
memory/2192-0-0x0000000000400000-0x0000000000464000-memory.dmp
C:\Windows\SysWOW64\macromd\CKY3 - Bam Margera World Industries Alien Workshop.exe
| Hash | Value |
|---|---|
| MD5 | 26bde54f8c0e9d32e9f7d8872654f1d7 |
| SHA1 | 73fd7c8135e030feccd5ce3e2aac6ae5be1e06dc |
| SHA256 | 65cf245fc453f0545027f9c8b94a45c72025fee4e3a2e83ac5b08fcac9952484 |
| SHA512 | d5ec7b1ef63c0bb38bae5d5e8e552d758728840fa4904a9947d4d79a004e8926fedc8530b92d05e13f613c95df47400a091743c78ebad80247a793d8f7f22442 |
memory/2192-28-0x0000000000400000-0x0000000000464000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-04 17:33
Reported
2024-04-04 17:36
Platform
win10v2004-20231215-en
Max time kernel
144s
Max time network
146s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winxcfg.exe = "C:\\Windows\\system32\\winxcfg.exe" | C:\Users\Admin\AppData\Local\Temp\be737db94c439bfc4d0a515623b6dec4_JaffaCakes118.exe | N/A |
Drops file in System32 directory
Processes
C:\Users\Admin\AppData\Local\Temp\be737db94c439bfc4d0a515623b6dec4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\be737db94c439bfc4d0a515623b6dec4_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 138.91.171.81:80 | | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.143.182.52.in-addr.arpa | udp |
Files
memory/1696-0-0x0000000000400000-0x0000000000464000-memory.dmp
C:\Windows\SysWOW64\macromd\CKY3 - Bam Margera World Industries Alien Workshop.exe
| Hash | Value |
|---|---|
| MD5 | 20f458c954e5da3e48de04f3851d3b3d |
| SHA1 | bd0fe9b975427bb93f8fbcf403b6506c99f053ff |
| SHA256 | 6957659a81333060c48b554f587c21a25367240d44f9860b5cf7ca499bfd964f |
| SHA512 | a0a4fd11bdd776701517811e4dc3990747940c265e823d31cc2387c0821a0bb65dbae196ceb444b90a6be863d453bb81723394c49fe7fa635c657f89b475466d |
memory/1696-28-0x0000000000400000-0x0000000000464000-memory.dmp