Analysis Overview
SHA256
dcaed207abac1a9d0691a20c84c9c3c579e069c39b8ffda2c371284c2e23129d
Threat Level: Shows suspicious behavior
The file e616bec8e3ffe02a44b04865e2951416_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Adds Run key to start application
Uses Tor communications
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 23:17
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 23:17
Reported
2024-04-07 23:19
Platform
win7-20240221-en
Max time kernel
139s
Max time network
144s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\4fx3ejs2uy = "C:\\Users\\Admin\\AppData\\Local\\Temp\\e616bec8e3ffe02a44b04865e2951416_JaffaCakes118.exe" | C:\Users\Admin\AppData\Local\Temp\e616bec8e3ffe02a44b04865e2951416_JaffaCakes118.exe | N/A |
Uses Tor communications
Processes
C:\Users\Admin\AppData\Local\Temp\e616bec8e3ffe02a44b04865e2951416_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e616bec8e3ffe02a44b04865e2951416_JaffaCakes118.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 23:17
Reported
2024-04-07 23:19
Platform
win10v2004-20240226-en
Max time kernel
123s
Max time network
129s
Command Line
Signatures
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lcyv5md5nu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\e616bec8e3ffe02a44b04865e2951416_JaffaCakes118.exe" | C:\Users\Admin\AppData\Local\Temp\e616bec8e3ffe02a44b04865e2951416_JaffaCakes118.exe | N/A |
Uses Tor communications
Processes
C:\Users\Admin\AppData\Local\Temp\e616bec8e3ffe02a44b04865e2951416_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e616bec8e3ffe02a44b04865e2951416_JaffaCakes118.exe"
Network