Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/04/2024, 16:02 UTC

General

  • Target

    eb711850b55eef26986d38f1d0a93226_JaffaCakes118.exe

  • Size

    491KB

  • MD5

    eb711850b55eef26986d38f1d0a93226

  • SHA1

    2cafc9230bd7a2848c1989c2438c9192d4f53aae

  • SHA256

    200ae905586ed70b0e4d2b45a4090a11076c84874f017b7e1866d7acaab80d6e

  • SHA512

    2f75e30beb24a6077920359f402ea6b244c6dae9b4fe16c2bffe0c7c2d6c2bba5adbcfbed3cd7b0d1f45f182cb1583c46a3f3e91d36feca9bcbf829a6920254c

  • SSDEEP

    12288:56uYPLLE9BArgKPFOQnLuWMZarsYJtv0nTSv1Hc9c:2PLLeBAcK9OQnSWOarsYJVdvZ

Score
10/10

Malware Config

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

  • Raccoon Stealer V1 payload (3 IoCs)
  • Modifies system certificate store (2 TTPs, 2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\eb711850b55eef26986d38f1d0a93226_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eb711850b55eef26986d38f1d0a93226_JaffaCakes118.exe"
    1⤵
    • Modifies system certificate store
    PID:2896

Network

  • DNS (remote address geolocated to US)
    telete.in
    eb711850b55eef26986d38f1d0a93226_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    telete.in
    IN A
    Response
    telete.in
    IN A
    185.53.177.54
  • GET (remote address geolocated to DE), 30 identical requests
    https://telete.in/bibiOutriggr1
    eb711850b55eef26986d38f1d0a93226_JaffaCakes118.exe
    Remote address:
    185.53.177.54:443
    Request (identical on all 30 attempts)
    GET /bibiOutriggr1 HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: telete.in
    Response (identical on all 30 attempts apart from the Date header)
    HTTP/1.1 410 Gone
    Date: Wed, 10 Apr 2024 <time> GMT
    Content-Length: 10
    Content-Type: text/plain; charset=utf-8
    Response Date header times of the 30 attempts (one request roughly every 5 s from 16:02:53 to 16:05:20 GMT):
    16:02:53, 16:02:58, 16:03:04, 16:03:09, 16:03:14, 16:03:19, 16:03:24, 16:03:29, 16:03:34, 16:03:39,
    16:03:44, 16:03:49, 16:03:54, 16:03:59, 16:04:04, 16:04:09, 16:04:14, 16:04:19, 16:04:24, 16:04:29,
    16:04:35, 16:04:40, 16:04:45, 16:04:50, 16:04:55, 16:05:00, 16:05:05, 16:05:10, 16:05:15, 16:05:20
  • 185.53.177.54:443
    https://telete.in/bibiOutriggr1
    tls, http
    eb711850b55eef26986d38f1d0a93226_JaffaCakes118.exe
    9.1kB
    11.7kB
    67
    46

    HTTP Request (30 times, one roughly every 5 s)

    GET https://telete.in/bibiOutriggr1

    HTTP Response (30 times)

    410
  • 8.8.8.8:53
    telete.in
    dns
    eb711850b55eef26986d38f1d0a93226_JaffaCakes118.exe
    55 B
    71 B
    1
    1

    DNS Request

    telete.in

    DNS Response

    185.53.177.54
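The network section above shows one behaviour worth turning into detection logic: the sample resolves telete.in once, then issues the same GET to https://telete.in/bibiOutriggr1 thirty times at a near-fixed 5 s cadence, and every attempt gets HTTP 410 Gone with a 10-byte body. Public reporting on Raccoon v1 describes it fetching its real C2 address from a Telegram channel description through telete.in, so the 410 means the dead drop is no longer served and no C2 was obtained in this run; the process simply kept retrying for the rest of the analysis window. The script below is an added example, not part of the Triage report: it parses a constructed log whose format (one "time method url status" line per request) is hypothetical, but whose 30 timestamps are the response Date headers from this page, and flags any (method, URL) pair that is requested at a near-constant interval. A second helper matches the exact request header set recorded above (cache-busting headers plus a Content-Type on a bodyless GET), which is a weak indicator on its own and should only be used alongside the cadence check.

```python
"""Periodic-beacon detection over the HTTP requests recorded on this page.

Added example, not part of the Triage report. The log format is constructed
(one "<ISO time> <method> <url> <status>" line per request); the 30 timestamps
are the response Date headers listed in the report.
"""
from __future__ import annotations

import re
import statistics
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone

# Response Date header times (Wed, 10 Apr 2024, GMT) of the 30 GETs on this page.
REPORT_TIMES = (
    "16:02:53 16:02:58 16:03:04 16:03:09 16:03:14 16:03:19 16:03:24 16:03:29 "
    "16:03:34 16:03:39 16:03:44 16:03:49 16:03:54 16:03:59 16:04:04 16:04:09 "
    "16:04:14 16:04:19 16:04:24 16:04:29 16:04:35 16:04:40 16:04:45 16:04:50 "
    "16:04:55 16:05:00 16:05:05 16:05:10 16:05:15 16:05:20"
).split()

# Constructed log in a hypothetical "<ISO time> <method> <url> <status>" format.
SAMPLE_LOG = "\n".join(
    f"2024-04-10T{t}Z GET https://telete.in/bibiOutriggr1 410" for t in REPORT_TIMES
)

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$")


@dataclass(frozen=True)
class Request:
    ts: datetime
    method: str
    url: str
    status: int


@dataclass(frozen=True)
class Beacon:
    method: str
    url: str
    count: int
    period_s: float      # median gap between consecutive requests
    max_jitter_s: float  # largest deviation of any gap from that median
    statuses: frozenset  # distinct HTTP status codes seen for this URL


def parse_log(text: str) -> list:
    """Parse the constructed log format; lines that do not match are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        out.append(Request(ts, m["method"], m["url"], int(m["status"])))
    return out


def find_beacons(reqs, min_requests: int = 5, max_jitter_s: float = 2.0) -> list:
    """Group requests by (method, URL) and flag groups whose inter-request gaps
    are near-constant. A fixed retry/poll period with little jitter is the
    signature of a beacon loop, not of a browser or a person."""
    groups = defaultdict(list)
    for r in reqs:
        groups[(r.method, r.url)].append(r)
    found = []
    for (method, url), rs in groups.items():
        if len(rs) < min_requests:
            continue
        stamps = sorted(r.ts for r in rs)
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        period = statistics.median(gaps)
        jitter = max(abs(g - period) for g in gaps)
        if jitter <= max_jitter_s:
            found.append(Beacon(method, url, len(rs), period, jitter,
                                frozenset(r.status for r in rs)))
    return found


# Header set seen on every request in this report: two cache-busting headers
# and a Content-Type on a GET that carries no body. A weak indicator by itself.
REPORT_FETCH_HEADERS = {
    "cache-control": "no-cache",
    "pragma": "no-cache",
    "content-type": "text/plain; charset=utf-8",
}


def matches_report_fetch_pattern(method: str, headers: dict) -> bool:
    """True when a request carries exactly the header values recorded on this page."""
    norm = {k.lower(): v.strip().lower() for k, v in headers.items()}
    return method == "GET" and all(norm.get(k) == v for k, v in REPORT_FETCH_HEADERS.items())


if __name__ == "__main__":
    for b in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{b.method} {b.url}: {b.count} requests, period {b.period_s:.0f}s, "
              f"jitter {b.max_jitter_s:.0f}s, statuses {sorted(b.statuses)}")
```

Run against the page's timestamps this reports a single beacon with a 5 s period and 1 s of jitter (two of the 29 gaps are 6 s), all answered with 410. In production the cadence check belongs on proxy or Zeek http logs keyed by source host as well as URL, and the header match should only raise the score of a host that already trips the cadence rule.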

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2896-1-0x0000000001E40000-0x0000000001F40000-memory.dmp

    Filesize

    1024KB

  • memory/2896-2-0x0000000000370000-0x00000000003FF000-memory.dmp

    Filesize

    572KB

  • memory/2896-3-0x0000000000400000-0x0000000001DC8000-memory.dmp

    Filesize

    25.8MB

  • memory/2896-6-0x0000000001E40000-0x0000000001F40000-memory.dmp

    Filesize

    1024KB

  • memory/2896-7-0x0000000000370000-0x00000000003FF000-memory.dmp

    Filesize

    572KB
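The dump names above encode the process ID, a sequence number and the virtual address range of each region the sandbox captured, and they carry a useful fact: the file is 491KB on disk, yet the region mapped at 0x400000 (the usual 32-bit PE image base) spans 0x400000 to 0x1DC8000, about 25.8MB. A mapped image that is over fifty times the on-disk size means a section whose VirtualSize is far larger than its raw data, which is what a packer that unpacks into a pre-reserved section looks like, and it tells an analyst which dump to carve the unpacked payload from. The script below is an added example, not part of the Triage report: it parses the five dump names listed on this page, de-duplicates the ranges that were dumped twice (sequence 1/6 and 2/7), recomputes the sizes the page shows, and reports the image-to-disk inflation ratio. Treating the report's rounded 491KB as 491 KiB and assuming the image was not relocated away from 0x400000 are both assumptions of this example.

```python
"""Parse the memory dump names listed under Downloads and compare the mapped
image size with the on-disk size.

Added example, not part of the Triage report. Dump names are the ones listed
on this page; the on-disk size is the report's rounded 491KB figure, taken
here as 491 KiB (assumption).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Dump names exactly as listed on this page.
REPORT_DUMPS = [
    "memory/2896-1-0x0000000001E40000-0x0000000001F40000-memory.dmp",
    "memory/2896-2-0x0000000000370000-0x00000000003FF000-memory.dmp",
    "memory/2896-3-0x0000000000400000-0x0000000001DC8000-memory.dmp",
    "memory/2896-6-0x0000000001E40000-0x0000000001F40000-memory.dmp",
    "memory/2896-7-0x0000000000370000-0x00000000003FF000-memory.dmp",
]
DISK_SIZE_BYTES = 491 * 1024  # report says 491KB; treated as 491 KiB (assumption)

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class Region:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_names(names) -> list:
    """Turn each dump file name into a Region; reject names that do not fit
    the pattern or describe an empty/inverted range."""
    regions = []
    for n in names:
        m = DUMP_RE.match(n)
        if not m:
            raise ValueError(f"unrecognised dump name: {n}")
        r = Region(int(m["pid"]), int(m["seq"]), int(m["start"], 16), int(m["end"], 16))
        if r.end <= r.start:
            raise ValueError(f"empty or inverted range: {n}")
        regions.append(r)
    return regions


def distinct_ranges(regions) -> list:
    """The sandbox dumped two ranges twice (seq 1/6 and 2/7); keep the first
    dump of each (start, end) pair, in sequence order."""
    seen, out = set(), []
    for r in sorted(regions, key=lambda r: r.seq):
        if (r.start, r.end) not in seen:
            seen.add((r.start, r.end))
            out.append(r)
    return out


def image_region(regions, image_base: int = 0x400000):
    """Region mapped at the expected PE image base (assumption: not relocated;
    0x400000 is where the 25.8MB dump on this page starts). None if absent."""
    for r in regions:
        if r.start == image_base:
            return r
    return None


def inflation_ratio(regions, disk_size: int, image_base: int = 0x400000) -> float:
    """Mapped image size divided by on-disk size. A section whose VirtualSize is
    far larger than its raw data, typical of packers that unpack into a
    pre-reserved section, gives a ratio well above 1."""
    img = image_region(regions, image_base)
    if img is None:
        raise ValueError("no region mapped at the image base")
    return img.size / disk_size


if __name__ == "__main__":
    regs = parse_dump_names(REPORT_DUMPS)
    for r in distinct_ranges(regs):
        print(f"pid {r.pid} seq {r.seq}: 0x{r.start:X}-0x{r.end:X} ({r.size / 1024:.0f} KiB)")
    print(f"image/disk inflation: {inflation_ratio(regs, DISK_SIZE_BYTES):.1f}x")
```

The three distinct ranges come out at 1024 KiB, 572 KiB and 25.8 MiB, matching the Filesize values the page lists, and the image region is roughly 54 times the on-disk size. The 2896-3 dump at 0x400000 is therefore the one to load into a PE tool to look for the unpacked stealer.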
