Analysis Overview
SHA256: e702273d988557cad1dc79a54e27a4d063486bfd31a9efdcb442b301a483159c
Threat Level: Shows suspicious behavior
The file e2c35a18eadf6cb3ddc6fcd7b69237a0_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Adds Run key to start application
Unsigned PE
Suspicious behavior: RenamesItself
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-04-06 14:40
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-06 14:40
Reported: 2024-04-06 14:43
Platform: win7-20240221-en
Max time kernel: 117s
Max time network: 121s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\7072797e746a6833786578 = "C:\\Users\\Admin\\ciwu.exe" | C:\Users\Admin\AppData\Local\Temp\e2c35a18eadf6cb3ddc6fcd7b69237a0_JaffaCakes118.exe | N/A |
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\e2c35a18eadf6cb3ddc6fcd7b69237a0_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\e2c35a18eadf6cb3ddc6fcd7b69237a0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e2c35a18eadf6cb3ddc6fcd7b69237a0_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-04-06 14:40
Reported: 2024-04-06 14:43
Platform: win10v2004-20240226-en
Max time kernel: 147s
Max time network: 155s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-513485977-2495024337-1260977654-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\37353e39332d2f743f223f = "C:\\Users\\Admin\\ciwu.exe" | C:\Users\Admin\AppData\Local\Temp\e2c35a18eadf6cb3ddc6fcd7b69237a0_JaffaCakes118.exe | N/A |
Suspicious behavior: RenamesItself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\e2c35a18eadf6cb3ddc6fcd7b69237a0_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\e2c35a18eadf6cb3ddc6fcd7b69237a0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e2c35a18eadf6cb3ddc6fcd7b69237a0_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |