Analysis Overview
SHA256
93ee115623bdef096505ed9e768fd246e0b787b20e689365a80da73cb607b3e8
Threat Level: Known bad
The file 4ae92949161b313c6f5c846be759f221_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Emotet
Emotet payload
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-05-16 11:47
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-16 11:47
Reported
2024-05-16 11:49
Platform
win7-20240215-en
Max time kernel
127s
Max time network
137s
Command Line
Signatures
Emotet
Emotet payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4ae92949161b313c6f5c846be759f221_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4ae92949161b313c6f5c846be759f221_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\4ae92949161b313c6f5c846be759f221_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4ae92949161b313c6f5c846be759f221_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 75.139.38.211:80 | | tcp |
| US | 75.139.38.211:80 | | tcp |
| US | 74.207.230.187:8080 | | tcp |
| US | 74.207.230.187:8080 | | tcp |
| VN | 115.79.195.246:80 | | tcp |
| VN | 115.79.195.246:80 | | tcp |
| FR | 46.105.131.68:8080 | | tcp |
| FR | 46.105.131.68:8080 | | tcp |
Files
memory/2200-0-0x0000000000350000-0x000000000035C000-memory.dmp
memory/2200-4-0x00000000002C0000-0x00000000002C9000-memory.dmp
memory/2200-5-0x0000000000350000-0x000000000035C000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-16 11:47
Reported
2024-05-16 11:49
Platform
win10v2004-20240426-en
Max time kernel
142s
Max time network
152s
Command Line
Signatures
Emotet
Emotet payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4ae92949161b313c6f5c846be759f221_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4ae92949161b313c6f5c846be759f221_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\4ae92949161b313c6f5c846be759f221_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4ae92949161b313c6f5c846be759f221_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 19.53.126.40.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.105:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.105:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 75.139.38.211:80 | | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.121.18.2.in-addr.arpa | udp |
| US | 74.207.230.187:8080 | | tcp |
| VN | 115.79.195.246:80 | | tcp |
| FR | 46.105.131.68:8080 | | tcp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| TR | 78.189.111.208:443 | | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 50.116.78.109:8080 | | tcp |
| ZA | 105.209.239.55:80 | | tcp |
Files
memory/1648-0-0x0000000002170000-0x000000000217C000-memory.dmp
memory/1648-4-0x0000000002160000-0x0000000002169000-memory.dmp
memory/1648-5-0x0000000002170000-0x000000000217C000-memory.dmp
memory/1648-6-0x0000000002150000-0x0000000002158000-memory.dmp
memory/1648-7-0x0000000002700000-0x00000000027F1000-memory.dmp