Analysis Overview
SHA256
e56c660f542100cf8a7caf01d8abf448d082dc8bce81e1b336f8340925d7142d
Threat Level: Shows suspicious behavior
The file e3648150c6ab7b8de41d24f1a52f0186_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Adds Run key to start application
Unsigned PE
Suspicious behavior: RenamesItself
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 22:07
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 22:07
Reported
2024-04-06 22:09
Platform
win7-20231129-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\484a41515f4b490b405d40 = "C:\\Users\\Admin\\tznl.exe" | C:\Users\Admin\AppData\Local\Temp\e3648150c6ab7b8de41d24f1a52f0186_JaffaCakes118.exe | N/A |
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\e3648150c6ab7b8de41d24f1a52f0186_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\e3648150c6ab7b8de41d24f1a52f0186_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e3648150c6ab7b8de41d24f1a52f0186_JaffaCakes118.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 22:07
Reported
2024-04-06 22:09
Platform
win10v2004-20240226-en
Max time kernel
91s
Max time network
126s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ebe9e2f2fce8eaa8e3fee3 = "C:\\Users\\Admin\\tznl.exe" | C:\Users\Admin\AppData\Local\Temp\e3648150c6ab7b8de41d24f1a52f0186_JaffaCakes118.exe | N/A |
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\e3648150c6ab7b8de41d24f1a52f0186_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\e3648150c6ab7b8de41d24f1a52f0186_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e3648150c6ab7b8de41d24f1a52f0186_JaffaCakes118.exe"
Network