963ddb082865800faba814f10620276ca857559a8c21c63f83c9b704a841d995

Analysis

max time kernel
128s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 07:14 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe
Size

313KB
MD5

6a2624f6e921eb3362330cacb7e4a8e6
SHA1

d87712a9f171d01ac7172e002eb462123cd606a5
SHA256

963ddb082865800faba814f10620276ca857559a8c21c63f83c9b704a841d995
SHA512

52aa2fe7332915f19927fed02d5f74cdf89f2510331bbcf7cdbe1cc2dc6e0d6fc278b397d6d39e897ca0a2a7e15d008c4542d422f8079582f02d39ff146f58be
SSDEEP

6144:vrK9uEo2S1YnQmCX492DkwNP3qpYFtcM7dZssr+Ixf6LuDTKD2ay9KGYG0LO:vryu6/eIo4vMResyEf0uP9d9UG0O

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1548	6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe
1548	6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe
1548	6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum	6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1548	6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1548	6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Maps connected drives based on registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:1548

Network

DNS

c1.getapplicationmy.info

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

c1.getapplicationmy.info

IN A

Response

c1.getapplicationmy.info

IN A

108.59.12.100
DNS

r1.getapplicationmy.info

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

r1.getapplicationmy.info

IN A

Response

r1.getapplicationmy.info

IN A

94.229.72.125
GET

http://c1.getapplicationmy.info/?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

Remote address:

108.59.12.100:80

Request

GET /?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File HTTP/1.1
Accept: */*
User-Agent: TixDll
Host: c1.getapplicationmy.info
Cache-Control: no-cache

Response

HTTP/1.1 429 Too Many Requests

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Thu, 23 May 2024 07:14:07 GMT
server: nginx
set-cookie: sid=0b5d6b28-18d4-11ef-8644-a07bbead4dd5; path=/; domain=.getapplicationmy.info; expires=Tue, 10 Jun 2092 10:28:14 GMT; max-age=2147483647; HttpOnly
POST

http://r1.getapplicationmy.info/?report_version=5&

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

Remote address:

94.229.72.125:80

Request

POST /?report_version=5& HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: TixDll
Host: r1.getapplicationmy.info
Content-Length: 1868
Cache-Control: no-cache

Response

HTTP/1.1 429 Too Many Requests

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Thu, 23 May 2024 07:14:06 GMT
server: nginx
set-cookie: sid=0b4e294e-18d4-11ef-b230-1cd861cad081; path=/; domain=.getapplicationmy.info; expires=Tue, 10 Jun 2092 10:28:14 GMT; max-age=2147483647; HttpOnly
DNS

r2.getapplicationmy.info

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

r2.getapplicationmy.info

IN A

Response

r2.getapplicationmy.info

IN A

94.229.72.125
POST

http://r2.getapplicationmy.info/?report_version=5&

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

Remote address:

94.229.72.125:80

Request

POST /?report_version=5& HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: TixDll
Host: r2.getapplicationmy.info
Content-Length: 1868
Cache-Control: no-cache
Cookie: sid=0b4e294e-18d4-11ef-b230-1cd861cad081

Response

HTTP/1.1 429 Too Many Requests

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Thu, 23 May 2024 07:14:06 GMT
server: nginx
DNS

c2.getapplicationmy.info

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

c2.getapplicationmy.info

IN A

Response

c2.getapplicationmy.info

IN A

94.229.72.125
GET

http://c2.getapplicationmy.info/?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

Remote address:

94.229.72.125:80

Request

GET /?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File HTTP/1.1
Accept: */*
User-Agent: TixDll
Host: c2.getapplicationmy.info
Cache-Control: no-cache
Cookie: sid=0b5d6b28-18d4-11ef-8644-a07bbead4dd5

Response

HTTP/1.1 429 Too Many Requests

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Thu, 23 May 2024 07:14:06 GMT
server: nginx
GET

http://c1.getapplicationmy.info/?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

Remote address:

108.59.12.100:80

Request

GET /?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File HTTP/1.1
Accept: */*
User-Agent: TixDll
Host: c1.getapplicationmy.info
Cache-Control: no-cache
Cookie: sid=0b5d6b28-18d4-11ef-8644-a07bbead4dd5

Response

HTTP/1.1 429 Too Many Requests

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Thu, 23 May 2024 07:14:12 GMT
server: nginx
GET

http://c2.getapplicationmy.info/?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

Remote address:

94.229.72.125:80

Request

GET /?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File HTTP/1.1
Accept: */*
User-Agent: TixDll
Host: c2.getapplicationmy.info
Cache-Control: no-cache
Cookie: sid=0b5d6b28-18d4-11ef-8644-a07bbead4dd5

Response

HTTP/1.1 429 Too Many Requests

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Thu, 23 May 2024 07:14:21 GMT
server: nginx
GET

http://c1.getapplicationmy.info/?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

Remote address:

108.59.12.100:80

Request

GET /?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File HTTP/1.1
Accept: */*
User-Agent: TixDll
Host: c1.getapplicationmy.info
Cache-Control: no-cache
Cookie: sid=0b5d6b28-18d4-11ef-8644-a07bbead4dd5

Response

HTTP/1.1 429 Too Many Requests

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Thu, 23 May 2024 07:14:26 GMT
server: nginx
GET

http://c2.getapplicationmy.info/?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

Remote address:

94.229.72.125:80

Request

GET /?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File HTTP/1.1
Accept: */*
User-Agent: TixDll
Host: c2.getapplicationmy.info
Cache-Control: no-cache
Cookie: sid=0b5d6b28-18d4-11ef-8644-a07bbead4dd5

Response

HTTP/1.1 429 Too Many Requests

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Thu, 23 May 2024 07:14:29 GMT
server: nginx

108.59.12.100:80

http://c1.getapplicationmy.info/?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File

http

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

663 B
560 B
5
5

HTTP Request

GET http://c1.getapplicationmy.info/?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File

HTTP Response

429
94.229.72.125:80

http://r1.getapplicationmy.info/?report_version=5&

http

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

2.4kB
640 B
7
7

HTTP Request

POST http://r1.getapplicationmy.info/?report_version=5&

HTTP Response

429
94.229.72.125:80

http://r2.getapplicationmy.info/?report_version=5&

http

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

2.4kB
478 B
7
7

HTTP Request

POST http://r2.getapplicationmy.info/?report_version=5&

HTTP Response

429
94.229.72.125:80

http://c2.getapplicationmy.info/?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File

http

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

713 B
398 B
5
5

HTTP Request

GET http://c2.getapplicationmy.info/?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File

HTTP Response

429
108.59.12.100:80

http://c1.getapplicationmy.info/?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File

http

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

713 B
398 B
5
5

HTTP Request

GET http://c1.getapplicationmy.info/?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File

HTTP Response

429
94.229.72.125:80

http://c2.getapplicationmy.info/?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File

http

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

813 B
398 B
7
5

HTTP Request

GET http://c2.getapplicationmy.info/?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File

HTTP Response

429
108.59.12.100:80

http://c1.getapplicationmy.info/?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File

http

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

713 B
398 B
5
5

HTTP Request

GET http://c1.getapplicationmy.info/?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File

HTTP Response

429
94.229.72.125:80

http://c2.getapplicationmy.info/?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File

http

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

765 B
398 B
6
5

HTTP Request

GET http://c2.getapplicationmy.info/?step_id=1&installer_id=4501921162922162891&publisher_id=725&source_id=0&page_id=0&affiliate_id=0&country_code=US&locale=EN&browser_id=0&download_id=7261087217617317443&external_id=0&session_id=3766901543001957689&hardware_id=10486737711659668667&installer_file_name=linguaphone&id=index.html&filesize=&product_name=Your+File

HTTP Response

429

8.8.8.8:53

c1.getapplicationmy.info

dns

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

70 B
86 B
1
1

DNS Request

c1.getapplicationmy.info

DNS Response

108.59.12.100
8.8.8.8:53

r1.getapplicationmy.info

dns

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

70 B
86 B
1
1

DNS Request

r1.getapplicationmy.info

DNS Response

94.229.72.125
8.8.8.8:53

r2.getapplicationmy.info

dns

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

70 B
86 B
1
1

DNS Request

r2.getapplicationmy.info

DNS Response

94.229.72.125
8.8.8.8:53

c2.getapplicationmy.info

dns

6a2624f6e921eb3362330cacb7e4a8e6_JaffaCakes118.exe

70 B
86 B
1
1

DNS Request

c2.getapplicationmy.info

DNS Response

94.229.72.125

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\Tsu3D3A6F00.dll

Filesize
269KB

MD5
af7ce801c8471c5cd19b366333c153c4

SHA1
4267749d020a362edbd25434ad65f98b073581f1

SHA256
cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

SHA512
88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

Download Submit
\Users\Admin\AppData\Local\Temp\{F53292C2-02D5-4601-A4EA-4AF72ED1B034}\Custom.dll

Filesize
91KB

MD5
c9d3d86ee95ae4d20c80de9ddaa8fa40

SHA1
5f0546ec86f3e27f0eec4d5d5451edc630907654

SHA256
b34ca5ec63459956e72289b6b1d85891377c4ef451b48f42d92ab7d1aad117a9

SHA512
ea895f339e31432497401782a17275cecda18286a158ad191dc1a5c2c3c541205c679689a74ff46c4e4861c7e6d87bf862e54049b419675cadaeea76c400b186

Download Submit
\Users\Admin\AppData\Local\Temp\{F53292C2-02D5-4601-A4EA-4AF72ED1B034}\_Setup.dll

Filesize
170KB

MD5
1aabcda403b1a6801317ef9921e80c91

SHA1
082d05c392a00a6045afabc6aece91e5879cbdcc

SHA256
09cd996ee6e10242e7fa0052c7599b293f4ea28b235d270a6bc253d03ffff467

SHA512
a35975b65372335aff47565bb104f918f089c5bc452e5107a8d767b03350a2a7155e8632c54d28f7dc1d79eb637fabb9ad2e0975fef5c86f902d2f35dcd240ae

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.