Analysis Overview
SHA256
705dbb05ab9e06321a184fe6e40fb97cd6582f545fe74a844094d89751bbcc2f
Threat Level: Known bad
The file e236a905ee0765d8a11aec7d2b3e908d_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
RedLine
RedLine payload
SectopRAT
SectopRAT payload
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-04-06 10:10
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 10:10
Reported
2024-04-06 10:13
Platform
win7-20240221-en
Max time kernel
141s
Max time network
150s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SectopRAT
SectopRAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\e236a905ee0765d8a11aec7d2b3e908d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e236a905ee0765d8a11aec7d2b3e908d_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| RU | 185.215.113.29:24645 | | tcp |
| RU | 185.215.113.29:24645 | | tcp |
| RU | 185.215.113.29:24645 | | tcp |
| RU | 185.215.113.29:24645 | | tcp |
| RU | 185.215.113.29:24645 | | tcp |
| RU | 185.215.113.29:24645 | | tcp |
Files
memory/884-1-0x00000000002F0000-0x00000000003F0000-memory.dmp
memory/884-2-0x00000000001C0000-0x00000000001F0000-memory.dmp
memory/884-3-0x0000000000400000-0x00000000016D3000-memory.dmp
memory/884-4-0x0000000073E00000-0x00000000744EE000-memory.dmp
memory/884-5-0x00000000037F0000-0x0000000003830000-memory.dmp
memory/884-6-0x00000000032A0000-0x00000000032C4000-memory.dmp
memory/884-7-0x00000000037F0000-0x0000000003830000-memory.dmp
memory/884-8-0x0000000003490000-0x00000000034B2000-memory.dmp
memory/884-10-0x00000000002F0000-0x00000000003F0000-memory.dmp
memory/884-11-0x0000000073E00000-0x00000000744EE000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 10:10
Reported
2024-04-06 10:13
Platform
win10v2004-20240226-en
Max time kernel
145s
Max time network
149s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SectopRAT
SectopRAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\e236a905ee0765d8a11aec7d2b3e908d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e236a905ee0765d8a11aec7d2b3e908d_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| RU | 185.215.113.29:24645 | | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| RU | 185.215.113.29:24645 | | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| RU | 185.215.113.29:24645 | | tcp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| RU | 185.215.113.29:24645 | | tcp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| RU | 185.215.113.29:24645 | | tcp |
| RU | 185.215.113.29:24645 | | tcp |
Files
memory/3212-1-0x0000000001A70000-0x0000000001B70000-memory.dmp
memory/3212-2-0x0000000003440000-0x0000000003470000-memory.dmp
memory/3212-3-0x0000000000400000-0x00000000016D3000-memory.dmp
memory/3212-4-0x00000000035C0000-0x00000000035E4000-memory.dmp
memory/3212-5-0x0000000075190000-0x0000000075940000-memory.dmp
memory/3212-6-0x0000000005F20000-0x0000000005F30000-memory.dmp
memory/3212-8-0x0000000005F20000-0x0000000005F30000-memory.dmp
memory/3212-7-0x0000000005F20000-0x0000000005F30000-memory.dmp
memory/3212-9-0x0000000005F30000-0x00000000064D4000-memory.dmp
memory/3212-10-0x0000000003890000-0x00000000038B2000-memory.dmp
memory/3212-11-0x00000000064E0000-0x0000000006AF8000-memory.dmp
memory/3212-12-0x0000000005E40000-0x0000000005E52000-memory.dmp
memory/3212-13-0x0000000006B00000-0x0000000006C0A000-memory.dmp
memory/3212-14-0x0000000005F20000-0x0000000005F30000-memory.dmp
memory/3212-15-0x0000000005E60000-0x0000000005E9C000-memory.dmp
memory/3212-16-0x0000000005ED0000-0x0000000005F1C000-memory.dmp
memory/3212-17-0x0000000001A70000-0x0000000001B70000-memory.dmp
memory/3212-18-0x0000000000400000-0x00000000016D3000-memory.dmp
memory/3212-20-0x0000000003440000-0x0000000003470000-memory.dmp
memory/3212-21-0x0000000075190000-0x0000000075940000-memory.dmp
memory/3212-23-0x0000000005F20000-0x0000000005F30000-memory.dmp
memory/3212-24-0x0000000005F20000-0x0000000005F30000-memory.dmp