Analysis Overview
SHA256
ea7d9e9b846e07ee0e1fbfde3d125cc51ee11b4a361cdae630738f59f8acd2c6
Threat Level: Known bad
The file e012e871a15695612515d1578be49d83_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
AsyncRat
Async RAT payload
Enumerates physical storage devices
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 08:28
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 08:28
Reported
2024-04-06 08:31
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
AsyncRat
Async RAT payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\e012e871a15695612515d1578be49d83_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e012e871a15695612515d1578be49d83_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 52.111.229.19:443 | | tcp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files
memory/3496-0-0x0000000000880000-0x00000000008A8000-memory.dmp
memory/3496-1-0x00007FFF99D20000-0x00007FFF9A7E1000-memory.dmp
memory/3496-2-0x0000000001310000-0x0000000001324000-memory.dmp
C:\ProgramData\malmustafa
| Algorithm | Hash |
| --- | --- |
| MD5 | 60fb86cc7b5b521e5a63d31e503df61a |
| SHA1 | 1c7d52533038a25c690561844657b92ab2817de5 |
| SHA256 | 8d098354ee9c5d508db21549519c3ef87b07e96fba92e62035f9f60874974e19 |
| SHA512 | 1508e87931c0c8d89aef0b2e7db3baa6d6b614e5c1a6012f8e4802d069060022cce3e5a25b049ba39a604d3695a7ce425fa5f5777a3956549ddb7e51a70f385e |
memory/3496-30-0x00007FFF99D20000-0x00007FFF9A7E1000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 08:28
Reported
2024-04-06 08:31
Platform
win7-20240221-en
Max time kernel
119s
Max time network
122s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\e012e871a15695612515d1578be49d83_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e012e871a15695612515d1578be49d83_JaffaCakes118.exe"
Network
Files
memory/2688-0-0x0000000001370000-0x0000000001398000-memory.dmp
memory/2688-1-0x000007FEF5240000-0x000007FEF5C2C000-memory.dmp
memory/2688-2-0x00000000006B0000-0x00000000006C4000-memory.dmp
memory/2688-5-0x000007FEF5240000-0x000007FEF5C2C000-memory.dmp