b4095a24e98dff0154860c6867e164aaaf6e39dd16c02829f797187d8b61a540

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 17:04 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe
Size

313KB
MD5

87b9d4bfe95ca670cc307678e086bcfc
SHA1

dcf0d2c1907c53d56ba948bbc0883f8f4a95334d
SHA256

b4095a24e98dff0154860c6867e164aaaf6e39dd16c02829f797187d8b61a540
SHA512

b3a3c011b15558ce76f3067f6190668e14dd7f9918952f1e2c579f54baa5067053f72aa0c3002f68ddb45a284d24ca419fcb48d188136abc6d8af56541419d2c
SSDEEP

6144:grJ9uEo2S1YnQmCX492DkwNP3qpYFQiY0Z56GICaNRCVEumbcF6ov5d889PgLVDl:grfu6/eIo4jVW5soVCcQovoO0DJM+Eq

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1280	87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe
1280	87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe
1280	87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum	87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1280	87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1280	87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Maps connected drives based on registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:1280

Network

DNS

c1.getapplicationmy.info

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

c1.getapplicationmy.info

IN A

Response

c1.getapplicationmy.info

IN A

94.229.72.119
DNS

r1.getapplicationmy.info

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

r1.getapplicationmy.info

IN A

Response

r1.getapplicationmy.info

IN A

199.115.115.118
GET

http://c1.getapplicationmy.info/?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize=

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

Remote address:

94.229.72.119:80

Request

GET /?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize= HTTP/1.1
Accept: */*
User-Agent: TixDll
Host: c1.getapplicationmy.info
Cache-Control: no-cache

Response

HTTP/1.1 429 Too Many Requests

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Fri, 31 May 2024 17:04:33 GMT
server: nginx
set-cookie: sid=dad09244-1f6f-11ef-a83a-5b07fc5c4af4; path=/; domain=.getapplicationmy.info; expires=Wed, 18 Jun 2092 20:18:41 GMT; max-age=2147483647; HttpOnly
DNS

c2.getapplicationmy.info

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

c2.getapplicationmy.info

IN A

Response

c2.getapplicationmy.info

IN A

199.115.115.118
POST

http://r1.getapplicationmy.info/?report_version=5&

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

Remote address:

199.115.115.118:80

Request

POST /?report_version=5& HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: TixDll
Host: r1.getapplicationmy.info
Content-Length: 1885
Cache-Control: no-cache

Response

HTTP/1.1 429 Too Many Requests

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Fri, 31 May 2024 17:04:34 GMT
server: nginx
set-cookie: sid=dae9344d-1f6f-11ef-98d4-e850e460f57e; path=/; domain=.getapplicationmy.info; expires=Wed, 18 Jun 2092 20:18:41 GMT; max-age=2147483647; HttpOnly
GET

http://c2.getapplicationmy.info/?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize=

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

Remote address:

199.115.115.118:80

Request

GET /?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize= HTTP/1.1
Accept: */*
User-Agent: TixDll
Host: c2.getapplicationmy.info
Cache-Control: no-cache
Cookie: sid=dad09244-1f6f-11ef-a83a-5b07fc5c4af4

Response

HTTP/1.1 429 Too Many Requests

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Fri, 31 May 2024 17:04:34 GMT
server: nginx
DNS

r2.getapplicationmy.info

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

Remote address:

8.8.8.8:53

Request

r2.getapplicationmy.info

IN A

Response

r2.getapplicationmy.info

IN A

94.229.72.119
POST

http://r2.getapplicationmy.info/?report_version=5&

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

Remote address:

94.229.72.119:80

Request

POST /?report_version=5& HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: TixDll
Host: r2.getapplicationmy.info
Content-Length: 1885
Cache-Control: no-cache
Cookie: sid=dae9344d-1f6f-11ef-98d4-e850e460f57e

Response

HTTP/1.1 429 Too Many Requests

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Fri, 31 May 2024 17:04:34 GMT
server: nginx
GET

http://c1.getapplicationmy.info/?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize=

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

Remote address:

94.229.72.119:80

Request

GET /?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize= HTTP/1.1
Accept: */*
User-Agent: TixDll
Host: c1.getapplicationmy.info
Cache-Control: no-cache
Cookie: sid=dae9344d-1f6f-11ef-98d4-e850e460f57e

Response

HTTP/1.1 429 Too Many Requests

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Fri, 31 May 2024 17:04:39 GMT
server: nginx
GET

http://c2.getapplicationmy.info/?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize=

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

Remote address:

199.115.115.118:80

Request

GET /?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize= HTTP/1.1
Accept: */*
User-Agent: TixDll
Host: c2.getapplicationmy.info
Cache-Control: no-cache
Cookie: sid=dae9344d-1f6f-11ef-98d4-e850e460f57e

Response

HTTP/1.1 429 Too Many Requests

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Fri, 31 May 2024 17:04:39 GMT
server: nginx
GET

http://c1.getapplicationmy.info/?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize=

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

Remote address:

94.229.72.119:80

Request

GET /?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize= HTTP/1.1
Accept: */*
User-Agent: TixDll
Host: c1.getapplicationmy.info
Cache-Control: no-cache
Cookie: sid=dae9344d-1f6f-11ef-98d4-e850e460f57e

Response

HTTP/1.1 429 Too Many Requests

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Fri, 31 May 2024 17:04:44 GMT
server: nginx
GET

http://c2.getapplicationmy.info/?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize=

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

Remote address:

199.115.115.118:80

Request

GET /?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize= HTTP/1.1
Accept: */*
User-Agent: TixDll
Host: c2.getapplicationmy.info
Cache-Control: no-cache
Cookie: sid=dae9344d-1f6f-11ef-98d4-e850e460f57e

Response

HTTP/1.1 429 Too Many Requests

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 17
date: Fri, 31 May 2024 17:04:44 GMT
server: nginx

94.229.72.119:80

http://c1.getapplicationmy.info/?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize=

http

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

774 B
560 B
5
5

HTTP Request

GET http://c1.getapplicationmy.info/?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize=

HTTP Response

429
199.115.115.118:80

http://r1.getapplicationmy.info/?report_version=5&

http

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

2.4kB
640 B
7
7

HTTP Request

POST http://r1.getapplicationmy.info/?report_version=5&

HTTP Response

429
199.115.115.118:80

http://c2.getapplicationmy.info/?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize=

http

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

824 B
398 B
5
5

HTTP Request

GET http://c2.getapplicationmy.info/?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize=

HTTP Response

429
94.229.72.119:80

http://r2.getapplicationmy.info/?report_version=5&

http

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

2.4kB
438 B
7
6

HTTP Request

POST http://r2.getapplicationmy.info/?report_version=5&

HTTP Response

429
94.229.72.119:80

http://c1.getapplicationmy.info/?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize=

http

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

824 B
398 B
5
5

HTTP Request

GET http://c1.getapplicationmy.info/?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize=

HTTP Response

429
199.115.115.118:80

http://c2.getapplicationmy.info/?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize=

http

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

824 B
398 B
5
5

HTTP Request

GET http://c2.getapplicationmy.info/?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize=

HTTP Response

429
94.229.72.119:80

http://c1.getapplicationmy.info/?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize=

http

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

824 B
398 B
5
5

HTTP Request

GET http://c1.getapplicationmy.info/?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize=

HTTP Response

429
199.115.115.118:80

http://c2.getapplicationmy.info/?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize=

http

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

824 B
398 B
5
5

HTTP Request

GET http://c2.getapplicationmy.info/?step_id=1&installer_id=5181373612011496056&publisher_id=724&source_id=0&page_id=0&affiliate_id=revizer&country_code=US&locale=EN&browser_id=0&download_id=5842011085818693259&external_id=0&session_id=5539316483011855935&hardware_id=5987857278371235121&q=Red+Hibisca+-+Live+From+BoundCon&q=Red&product_name=Red+Hibisca+-+Live+From+BoundCon&installer_file_name=Red+Hibisca+-+Live+From+BoundCon&id=index.html&affiliate_id=revizer&filesize=

HTTP Response

429

8.8.8.8:53

c1.getapplicationmy.info

dns

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

70 B
86 B
1
1

DNS Request

c1.getapplicationmy.info

DNS Response

94.229.72.119
8.8.8.8:53

r1.getapplicationmy.info

dns

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

70 B
86 B
1
1

DNS Request

r1.getapplicationmy.info

DNS Response

199.115.115.118
8.8.8.8:53

c2.getapplicationmy.info

dns

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

70 B
86 B
1
1

DNS Request

c2.getapplicationmy.info

DNS Response

199.115.115.118
8.8.8.8:53

r2.getapplicationmy.info

dns

87b9d4bfe95ca670cc307678e086bcfc_JaffaCakes118.exe

70 B
86 B
1
1

DNS Request

r2.getapplicationmy.info

DNS Response

94.229.72.119

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\Tsu6A8DB7C8.dll

Filesize
269KB

MD5
af7ce801c8471c5cd19b366333c153c4

SHA1
4267749d020a362edbd25434ad65f98b073581f1

SHA256
cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

SHA512
88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

Download Submit
\Users\Admin\AppData\Local\Temp\{EA024C3F-16D1-462C-A4C7-5EF331E16EC9}\Custom.dll

Filesize
91KB

MD5
396573acf88c363e3406677f3353d886

SHA1
95d078a2ff0eb1a884b932e08805cf178796b19b

SHA256
e269f87987fb85313f0d1b276656020470b04e5e545784f5b3e03f9ca611b482

SHA512
a5a0c72287044ebeba9ec45f46716592b945479a219b71a78e070f842a6d1c9c0c79d253946bf793b19b9dbbc2b05459ff7fdb0efaadc474c0b5190d828cc6b6

Download Submit
\Users\Admin\AppData\Local\Temp\{EA024C3F-16D1-462C-A4C7-5EF331E16EC9}\_Setup.dll

Filesize
169KB

MD5
4e96799dae53f059efc83a26d1a3e0f1

SHA1
d4ce1ea0710338d4113e4079882d5995f2e1d23b

SHA256
0b705033c702abe5165a1017ea922465bb4600c34708bd3275d13c766669cf7c

SHA512
ad6328bd01d90cc8075467cc6b59808c39b59e99d61eeaa66039f4e614fba4b6b720f8ac2ca6e17ff05aa33ed3230ff73180340edfdd8221de699fe0fbefee81

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.