Analysis Overview
SHA256
0dedfedf8846e250eb7d30173d94721aa80d639f227b1ac64e6c25d676309386
Threat Level: Known bad
The file 758ba9aaaf4a63e23d5b9ffb627f2b84_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
MetaSploit
Metasploit family
Unsigned PE
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-05-26 12:55
Signatures
Metasploit family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-26 12:55
Reported
2024-05-26 13:45
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
MetaSploit
Processes
C:\Users\Admin\AppData\Local\Temp\758ba9aaaf4a63e23d5b9ffb627f2b84_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\758ba9aaaf4a63e23d5b9ffb627f2b84_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4200,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4040 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| VE | 167.250.49.155:5555 | tcp | |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 2.17.178.52.in-addr.arpa | udp |
Files
memory/4744-0-0x0000000000870000-0x0000000000871000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 12:55
Reported
2024-05-26 13:44
Platform
win7-20240221-en
Max time kernel
147s
Max time network
148s
Command Line
Signatures
MetaSploit
Processes
C:\Users\Admin\AppData\Local\Temp\758ba9aaaf4a63e23d5b9ffb627f2b84_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\758ba9aaaf4a63e23d5b9ffb627f2b84_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| VE | 167.250.49.155:5555 | tcp |
Files
memory/1952-0-0x0000000000020000-0x0000000000021000-memory.dmp