Analysis

  • max time kernel: 66s
  • max time network: 51s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240419-en
  • resource tags: arch:x64 arch:x86 image:win10v2004-20240419-en locale:en-us os:windows10-2004-x64 system
  • submitted: 27/04/2024, 01:48 UTC

General

  • Target: 0223ab60a8cab8712d48844a66e73f83_JaffaCakes118.exe
  • Size: 312KB
  • MD5: 0223ab60a8cab8712d48844a66e73f83
  • SHA1: 8bf7b52a231eff5ce94b30efb2c3c6745319f2b4
  • SHA256: 7d6b392b5bd234332feb7a983c59078a9350eff0bb88daf13f3d7d41b7685717
  • SHA512: 06608af72e498303776f3e92a352554f957d3c649a2b6fb441655c4c4bc6396448882e35be4fe880014649835162becbec6582772b02e2fa5c7463bce1eb375c
  • SSDEEP: 6144:xrkS9uEo2S1YnQmCX492DkwNP3qpYFK3WSsmbjbqKcs3wP8pXAN7iiF:xrkau6/eIo43ts7KcXgXAN7i8

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (3 IoCs)
  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Maps connected drives based on registry (3 TTPs, 2 IoCs)

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
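The three host-level signatures above (a DLL dropped into %TEMP% and then loaded, reads of the Uninstall keys, reads of disk/volume keys) are each common in legitimate installers; what earns a score is seeing them together in one process. The following Python is an added example of that per-process correlation, not the sandbox's own rule logic. The event lines are constructed in a Sysmon-like kind|pid|image|target shape, the image name sample.exe is a placeholder, and the specific drive-related registry keys (Services\Disk\Enum and MountedDevices) are an assumption, since the report names only the behaviour.

```python
"""Per-process correlation of the three host signatures in this report.
Added example with constructed events; not the sandbox's detection code."""
import re
from collections import defaultdict

UNINSTALL_RE = re.compile(
    r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.IGNORECASE)
# Assumed keys behind "maps connected drives": the disk enumeration list and
# the volume-to-drive-letter map.  Benign installers read these too, so on
# their own they are weak evidence.
DRIVE_RE = re.compile(
    r"^HKLM\\SYSTEM\\(MountedDevices|CurrentControlSet\\Services\\Disk\\Enum)$",
    re.IGNORECASE)
TEMP_RE = re.compile(r"^C:\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)

# Constructed events (kind|pid|image|target).  PID 4240 and the TsuF8051C39.dll
# path come from the report; the Uninstall subkey names are made up.
SAMPLE_LOG = """\
FileWrite|4240|C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe|C:\\Users\\Admin\\AppData\\Local\\Temp\\TsuF8051C39.dll
ImageLoad|4240|C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe|C:\\Users\\Admin\\AppData\\Local\\Temp\\TsuF8051C39.dll
RegRead|4240|C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\ExampleApp
RegRead|4240|C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe|HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\OtherApp
RegRead|4240|C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe|HKLM\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum
RegRead|4240|C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe|HKLM\\SYSTEM\\MountedDevices
RegRead|1180|C:\\Windows\\explorer.exe|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\ExampleApp
ImageLoad|1180|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\shell32.dll
ImageLoad|3300|C:\\Windows\\System32\\svchost.exe|C:\\Users\\Admin\\AppData\\Local\\Temp\\notdropped.dll
"""


def parse_events(text):
    events = []
    for line in text.strip().splitlines():
        kind, pid, image, target = line.split("|", 3)
        events.append({"kind": kind, "pid": int(pid), "image": image, "target": target})
    return events


def signatures_by_pid(events):
    """Return {pid: set of signature names}, processing events in observed order."""
    written = defaultdict(set)   # pid -> lower-cased paths that process wrote
    hits = defaultdict(set)
    for ev in events:
        pid, target = ev["pid"], ev["target"]
        if ev["kind"] == "FileWrite":
            written[pid].add(target.lower())
        elif ev["kind"] == "ImageLoad":
            # "Dropped" means this same process wrote the DLL before loading it;
            # a temp-directory load alone (PID 3300 above) does not count.
            if TEMP_RE.match(target) and target.lower() in written[pid]:
                hits[pid].add("loads_dropped_dll")
        elif ev["kind"] == "RegRead":
            if UNINSTALL_RE.match(target):
                hits[pid].add("checks_installed_software")
            elif DRIVE_RE.match(target):
                hits[pid].add("maps_connected_drives")
    return dict(hits)


def suspicious_pids(events, min_signatures=2):
    """Require more than one behaviour per process before raising it."""
    hits = signatures_by_pid(events)
    return sorted(pid for pid, sigs in hits.items() if len(sigs) >= min_signatures)


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    for pid, sigs in sorted(signatures_by_pid(events).items()):
        print(pid, sorted(sigs))
    print("suspicious:", suspicious_pids(events))
```

The threshold in suspicious_pids is the practitioner's knob: explorer.exe reading Uninstall keys (PID 1180 in the constructed log) is normal and stays below it, while the sample's three behaviours together clear it.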

Processes

  • C:\Users\Admin\AppData\Local\Temp\0223ab60a8cab8712d48844a66e73f83_JaffaCakes118.exe (PID 4240)
    Command line: "C:\Users\Admin\AppData\Local\Temp\0223ab60a8cab8712d48844a66e73f83_JaffaCakes118.exe"
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses

Network

All recorded network activity is DNS: A-record queries to 8.8.8.8:53 (US), each hostname queried five times per burst. The report lists the queries only; no response is recorded for any of them. In order of appearance:

  Remote address  Domain                     Queried by                                           Queries  Bytes
  8.8.8.8:53      c1.getapplicationmy.info   0223ab60a8cab8712d48844a66e73f83_JaffaCakes118.exe   5        350 B
  8.8.8.8:53      r1.getapplicationmy.info   0223ab60a8cab8712d48844a66e73f83_JaffaCakes118.exe   5        350 B
  8.8.8.8:53      g.bing.com                 (no process attributed)                              5        280 B
  8.8.8.8:53      c2.getapplicationmy.info   0223ab60a8cab8712d48844a66e73f83_JaffaCakes118.exe   5        350 B
  8.8.8.8:53      r2.getapplicationmy.info   0223ab60a8cab8712d48844a66e73f83_JaffaCakes118.exe   5        350 B
  8.8.8.8:53      c1.getapplicationmy.info   0223ab60a8cab8712d48844a66e73f83_JaffaCakes118.exe   5        350 B

The sample itself accounts for 25 of the 30 queries, all under getapplicationmy.info, walking c1, r1, c2, r2 and then returning to c1.
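The pattern above (one process cycling through c1, r1, c2, r2 and back to c1 under a single apex domain, five queries each, nothing recorded in answer) is a host-rotation fallback that is easy to hunt for in DNS telemetry. The following Python is an added example, not part of the report: it builds a constructed log in the shape of Sysmon event 22 (time|pid|image|query|rcode), models the unanswered queries as NXDOMAIN (an assumption, since the report records only the queries), and flags a process that rotates through several hosts under one apex without ever getting an answer, while leaving a resolving multi-host pattern (the constructed example.net rows) alone.

```python
"""Hunt for unanswered host rotation under one apex domain, as seen in this
report's DNS table.  Added example with a constructed log; the NXDOMAIN
rcodes are assumed, the report shows queries only."""

SAMPLE_IMAGE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
                "0223ab60a8cab8712d48844a66e73f83_JaffaCakes118.exe")
HOSTS_IN_REPORT = ["c1", "r1", "c2", "r2", "c1"]   # order of bursts in the report
APEX_IN_REPORT = "getapplicationmy.info"


def build_sample_log():
    """Constructed log lines: time|pid|image|query|rcode."""
    lines, t = [], 0
    for label in HOSTS_IN_REPORT:
        for _ in range(5):                       # five queries per burst, as reported
            lines.append(f"{t}|4240|{SAMPLE_IMAGE}|{label}.{APEX_IN_REPORT}|NXDOMAIN")
            t += 1
    for _ in range(5):                           # unattributed lookups, like g.bing.com
        lines.append(f"{t}|0|-|g.bing.com|NOERROR")
        t += 1
    for label in ("a", "b", "c", "d"):           # benign: many hosts, all resolving
        for _ in range(3):
            lines.append(f"{t}|900|C:\\Windows\\System32\\svchost.exe|{label}.example.net|NOERROR")
            t += 1
    return "\n".join(lines)


def apex(name):
    """Registrable domain approximated as the last two labels.  Assumption:
    adequate for .info/.com; use a public-suffix list for e.g. co.uk."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse(text):
    for line in text.splitlines():
        ts, pid, image, query, rcode = line.split("|", 4)
        yield {"ts": int(ts), "pid": int(pid), "image": image,
               "query": query.lower(), "rcode": rcode}


def unresolved_host_rotation(events, min_hosts=2, min_queries=10):
    """Return [(pid, apex, sorted hosts, total queries)] for processes that
    query several hosts under one apex and never receive an answer."""
    stats = {}
    for ev in events:
        key = (ev["pid"], apex(ev["query"]))
        s = stats.setdefault(key, {"hosts": set(), "total": 0, "answered": 0, "first": ev["ts"]})
        s["hosts"].add(ev["query"])
        s["total"] += 1
        if ev["rcode"] == "NOERROR":
            s["answered"] += 1
    findings = []
    for (pid, dom), s in sorted(stats.items(), key=lambda kv: kv[1]["first"]):
        if len(s["hosts"]) >= min_hosts and s["answered"] == 0 and s["total"] >= min_queries:
            findings.append((pid, dom, sorted(s["hosts"]), s["total"]))
    return findings


def host_sequence(events, pid, dom):
    """Collapse consecutive repeats to expose the rotation order of one process
    under one apex, e.g. ['c1', 'r1', 'c2', 'r2', 'c1'] for the report's sample."""
    seq = []
    for ev in events:
        if ev["pid"] == pid and apex(ev["query"]) == dom:
            label = ev["query"].split(".")[0]
            if not seq or seq[-1] != label:
                seq.append(label)
    return seq


if __name__ == "__main__":
    events = list(parse(build_sample_log()))
    for pid, dom, hosts, total in unresolved_host_rotation(events):
        print(f"pid {pid}: {total} unanswered queries for {len(hosts)} hosts under {dom}")
        print("  rotation:", " -> ".join(host_sequence(events, pid, dom)))
```

Tune min_hosts and min_queries to the environment's noise floor; the answered == 0 condition is what separates this from CDN or service-discovery lookups, which also spread over many hosts but resolve.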

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\TsuF8051C39.dll
    Filesize: 269KB
    MD5: af7ce801c8471c5cd19b366333c153c4
    SHA1: 4267749d020a362edbd25434ad65f98b073581f1
    SHA256: cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e
    SHA512: 88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

  • C:\Users\Admin\AppData\Local\Temp\{B396595C-ECB2-46CF-A424-A49068757BAA}\Custom.dll
    Filesize: 91KB
    MD5: 484f9d098f422e2d83df800e37a078a0
    SHA1: 0e7b632cb9fa7eadf49d45bd6586a59dc78e879f
    SHA256: 024301f339a44f4af2fd40a64058803e2fb70afe2807bb004968cb36b260ab60
    SHA512: 0d7fc20ce1f92774ff1657e573dabb573e8ed522d3a12c973e4741228d1c1afc2c574b94262b562ddae7780ae10c484212191658d80ea1b4ed6cb3a4f9e8a443

  • C:\Users\Admin\AppData\Local\Temp\{B396595C-ECB2-46CF-A424-A49068757BAA}\_Setup.dll
    Filesize: 168KB
    MD5: 9f8992a651c85604676b2bbf54830547
    SHA1: bd2a5cd0038899d97d7c652056c948c33c5bc83d
    SHA256: 61fef12b10bb745094ec1392da30c357d508c2befafddd354cad9922feca8ed4
    SHA512: a6d7692bdbf1a19eb582150d5387faf7d08119f7b111a809c3b55f9de5ee74481b62a1a745f6ed3817ac4c0245ca52e4db8026690ba6a48d3006d47771b60ed7
