Analysis Overview
SHA256
9915c2c1f03c3d7ce45cd65a5d5466d6ea572bb6e4a621edf924a6f43f97a0df
Threat Level: Shows suspicious behavior
The file 51809024d5f16499690fcf02eb2551f8_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
ASPack v2.12-2.42
Loads dropped DLL
Unsigned PE
Enumerates physical storage devices
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-17 21:11
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-17 21:11
Reported
2024-05-17 21:14
Platform
win7-20240221-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\51809024d5f16499690fcf02eb2551f8_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\51809024d5f16499690fcf02eb2551f8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\51809024d5f16499690fcf02eb2551f8_JaffaCakes118.exe"
Network
Files
\Archivos de programa\Unico - Ventas\Actualizador.exe
| MD5 | 179723f68097a5393d500fb0f6a1df80 |
| SHA1 | b6be352431f1085cb8b4dce013aea0870b3f2ddf |
| SHA256 | 486cd452e402432281f24666d36512c0d389e23df101690353d29ce22cc64700 |
| SHA512 | c99b0d4179764968e3a607486b0bfe9617f4e7346abf1e435d56634bbd17296e64160b3df501fe39f49c6ba80891b6c16456e9c91b3a8541d9c9d2af8362713d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-17 21:11
Reported
2024-05-17 21:14
Platform
win10v2004-20240426-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Users\Admin\AppData\Local\Temp\51809024d5f16499690fcf02eb2551f8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\51809024d5f16499690fcf02eb2551f8_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| BE | 88.221.83.202:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |