Malware Analysis Report

2025-01-06 10:33

Sample ID 240601-d44mrsge2v
Target 89401bbd6861779597b9a4d70146cb17_JaffaCakes118
SHA256 88b67f7a181723a120bf4c3afba3b63d5b66c7bcf2d27e3bc42708cc61948c51
Tags
evasion trojan
score
6/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
6/10

SHA256

88b67f7a181723a120bf4c3afba3b63d5b66c7bcf2d27e3bc42708cc61948c51

Threat Level: Shows suspicious behavior

The file 89401bbd6861779597b9a4d70146cb17_JaffaCakes118 was classified as: Shows suspicious behavior.

Malicious Activity Summary

evasion trojan

Checks whether UAC is enabled

Unsigned PE

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-01 03:34

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 03:34

Reported

2024-06-01 03:37

Platform

win7-20240221-en

Max time kernel

122s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\89401bbd6861779597b9a4d70146cb17_JaffaCakes118.exe"

Signatures

Checks whether UAC is enabled

evasion trojan
Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\89401bbd6861779597b9a4d70146cb17_JaffaCakes118.exe | N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F210B971-1FC7-11EF-ACCC-D20227E6D795} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423374777" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0ca04e0d4b3da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000083783e28197b0c41b0bd6d224d8df397000000000200000000001066000000010000200000007aff08294b3f5ca337b42d7fdba006842823fc1a0a4b0953653dc598aa96772b000000000e8000000002000020000000e9d3ed45118a63df8a027bd55e33b00e43fab8891a0db708f85adf0ab14d641b200000007fe58a6833ed9db9137efae96f4e7b82a51c2db1e203f2985e45eca64230553940000000c9058efc9fba8922dd74be15d784938e922d64630c11a1a1042df62171f399db65aed52591076d85c4cf54784690ad39f415713577e4bff5066764005bac8981 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\89401bbd6861779597b9a4d70146cb17_JaffaCakes118.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\89401bbd6861779597b9a4d70146cb17_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\89401bbd6861779597b9a4d70146cb17_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=786

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | www.fenomen-games.com | udp
US | 8.8.8.8:53 | www.gamecentersolution.com | udp
US | 184.72.55.36:80 | www.gamecentersolution.com | tcp
US | 159.65.253.100:80 | www.fenomen-games.com | tcp
US | 8.8.8.8:53 | www.gamecentersolution.com | udp
US | 8.8.8.8:53 | www.gamecentersolution.com | udp
US | 184.72.55.36:80 | www.gamecentersolution.com | tcp
US | 184.72.55.36:80 | www.gamecentersolution.com | tcp
US | 184.72.55.36:80 | www.gamecentersolution.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp

Files

memory/2020-0-0x0000000000400000-0x000000000055F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\FG.url

MD5 0fcf82b5a915470e8a79d3516f582a36
SHA1 75f81b41607905b231521243129aff3554a58db0
SHA256 076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4
SHA512 adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

C:\Users\Admin\AppData\Local\Temp\Cab7D3E.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar7E2F.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8bba9b78b7e2028f1f64016a32f46cd
SHA1 d21dc503c26b78571d25ea123496ba344095a8fa
SHA256 4d2b3cb914cf3d2fb1a006654663557550fa4c5120dd1d78ab3c566d55619310
SHA512 777482c9be0094c56009946ecfca5300305974765a317580870bc3bd7fcddd3534405da28161685337fa6d4b6d33fff32bcb9fd9204d1391c6f48a8a300ccc7c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c14130209993e3c9c591c882a491adaa
SHA1 e454c10da446bd8fb788cacd06a45097f7fa6353
SHA256 a08d26320af2f77f5d09e10293da8ff453c2b677f270c07d26bec414cd073d56
SHA512 459f7fec57349d106e79a2a9256d9471fb8b75b62bf4b570e4198809a9abf83cbaf62db56915009c48d8293d5b801e5839c264006acb950c1e1ed367a7c25f79

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b25283111f06cc092b3e411897c0cc9e
SHA1 9b31d93f79c4ece67ba02681d9503cc7d79530e6
SHA256 d6ca899e12aedc22bd87f2bd1ebe91353e0a61a70be4960a620ffe9626eb007d
SHA512 56d8ef5fd7389bec987c4003fd7275b558585d2e2e6b29cccafdc7677bcc9ffd0450fcd88e3cb05b8a606639efc4bdf3799fb1b367ecb6d0d684f364d618aa95

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 69e8a7f30bcd8320e8e40e9069e67a13
SHA1 1735b8eebb398ec228b33ea87c5a4bfe19a97375
SHA256 4ae8a12149151a8ea9444926951b598589a8c623939b68d556d7770efe7c0af9
SHA512 90c20f6950bfd2506f1d0de9cf13ca224132db76c5ed570228797ff9856d43cd0094a58fc627e95a65957a15c13ba8a5aa58bc351a9a7d1012c7343dffb21493

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a74d58f627ad5031322e13a2856ffd9
SHA1 2307dc1205d909b843fed8cdac2ec5b626f59641
SHA256 34179f15c199049480d548daab2b98a551ec6c7adf2f26065f69298fddd4ed04
SHA512 791b24c3671305fa08a38c90d2c778f19be10c84dac10da6741bdeede064fb937d425ef4e014fb3440587347d1bd24789a9a3515bcf75675caf14d20d829a4a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c8c1868fc3d778e73269be4477dd178
SHA1 f5c2e746a1686866eaec2d632fcd8ff480dfed2d
SHA256 728bb6b2d8464b131452bfbec34d01c165e008350c81cd56a77df28f7189a8ab
SHA512 2d6a228687ea19015033f35fbf22780bf89504670a7adf5066aadd6195f52796abfb874a412de75aa517ac991ca6e13e672af9f1c7600eb7d912a4d3d85b0e72

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af3864c5c9e560473305ef92034281fe
SHA1 e056a425e05e84051d33ceb5a17e20d0d96d0c44
SHA256 9732ef5b0df27fe44e6e3dc2650450116471c9eeb3a5673a37e90a67bde66b47
SHA512 748c8b77321e3618a26ad908b640ce9d247ca741b86235791a16b0e4468f5d8adb44c2df71beb823cf4dcdca07cb464670546498b1478539b5801caa249e2224

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6228aee2f3549236be7fe195e7747744
SHA1 b704ed690b11868ce7e9ed1ab7dac3ec4d801177
SHA256 d3e3d28b45bfddff713661cd4c06a5639ab76f46fa2637a8a2ec239c770d8ab9
SHA512 5d2fd57d87d3685973c4ac84f548e306796bf852972c4d8c876e287df41956e96ce0adec65c2e568b0a06606e0d5041dec0326f67ed3c3afc1a71ecf92fc7397

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be958274c93d69168cea0f518da2363c
SHA1 74bf515ea8ea9afe6fefcec411a421682af414cb
SHA256 3da5fbae1dff44c8ab76cefa06185a28eefe387d551f7e48e25fc5e43fc3869f
SHA512 f7e615724a01ccfb28e39ff82eb0cca2547fc0527c0c74125a4ebc0fa1d864bf92f30f7b5df3bf5107b6124d8375116697501ef2da0d1884834e8b6cfbbaf663

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0bc901d513461e8d6f288ab16253af0f
SHA1 61a1fc25c52c4e4457a47af2f150f58cb4f7891b
SHA256 b8dd37e4b337498ea1d868fec0fbae8a4a5bc0ed197157fd48f240930cd33be4
SHA512 3cbad66398843576b458e6ce6da8a3ccca0755a280ef2403af08e9011e1b269a4fde5df46dba0dfa3fc237cd205693ff7b4e6a4184a56f2212072628461b7b37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bbf7620b55b8ab3dea51d5a15af8864f
SHA1 7a6be14083068aa12ffa8ece43469b12f8da60d2
SHA256 6da846d7d03607fe05b4f92fe52b11306eed7aaa9fb92e781050f28e91909b84
SHA512 3bbbf59c768aad0ae25d050b983171973dc3427a94e38579b6166b6180734d617aba2b67708dc7c16605672ef5a36c2479d0a8b3e5c537a2c5f650ccadd9f820

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d7c5c9f52fb46fbfcde6761d3870fcd6
SHA1 3da8fc907927eec4ce9549b373330851e37c66ef
SHA256 c8baddb79ec5a2b38145c218aa27ebeda4cdfc5333a0f61f34e0e3e59054f7d2
SHA512 457a0b7263ee019a1e1d7bff596956ab6c7d3331368a0e5d68c9cf3bb63f15a8ae427fd9fe3d45f52e5875d819d35880b1fe5ddb5c321bec5ada8029bd5aefc0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c29154eef4cc4547057f2de797f812e4
SHA1 6246c2f20389bc5f1c7ed31ee498286f0b331071
SHA256 5df2a068d7196affa9befeaf93e338c18b01db05dfb8adef9c5f7f61bd11c996
SHA512 28d0417704b90715d546aae918f33634b220a17f6167ae0f1afe7d78c1dc45e48f7fed2809051320090f811ca3c4411d81c90f683f6413491e9d3a81cabc2bd3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 815a25b5f95dc1fe19d025bf17bd708b
SHA1 26600703540a30b8a6932ddc6547baf96b7b225e
SHA256 ffbef943e5e9e5169c2961fd2e978a0622a81d744fdcf20dd6e254ae4fc22e20
SHA512 fd1eb88479c2e9ead48f4eb8be898a159559eee7b9ff85a9fba12bfd12b00399fa961611a31132767482032e4a1b39bc31cf2056108572078e7cec47e1997a03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a5db02cf5f934ee34cca3241522b940
SHA1 355e6e3360a57a529b775f74b7f8e5c9ed250d44
SHA256 b2f3efc00475492fb1b85250c3e318467aa8136dee71f568a302e19de9588c0a
SHA512 df2cf8b35a340064ab97457f6c7896e21c9c7716715809115e20056998d13b5c7451a7fc1dc99a4ce0d45d98dc3e3662b538bf4e063e42e0096cc04061fa36ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f80e3b13a0258a71dd5eaa35e6ac49e8
SHA1 56f354e4a5ceeb750498e387762746eab0bff370
SHA256 0a68d3af76745439068a41fedd8f1969a0f73070319fa6dc4e4d0f28153fc26c
SHA512 ef27ad7488411143dbe1e55fb07b699da66218a7431721da6c65d051f548ebbc6862746a986f6a0134f6faff3ce388f3324cca0a0b100b094436ab88fd96bd0a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6d5e31b07acc5de61fbd2bc70e1b736
SHA1 04e2ad74a873459f522f616cb61f022111bbc523
SHA256 e92dd16388ffc26d5be8217aa8aec797ddbd0cc0883d5891860345ad3b409047
SHA512 041ab3d4c257151032f53b4b853c1e287d7b43f9d1b8f071dfedad7743c25d69942f1be7f68366975de7d8205748a448e6ced63ef7dbd4f1a1863edb4d7c4c8e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51ec03a924d73d4296dbd89ee2895e5a
SHA1 c7f672797e4087019b073d374dd99e1c54a3005c
SHA256 8445e2d5983e7d7a3ed701704eba22342c8b09e39a486d4a69aa403e8e3d04e0
SHA512 1751bc7320850d14c35830e3cd5fc967be0f5698296f61ce3333f99e8d1bcea2de1e4c7611674fd01d26f7ef486a9162fde55b0ac9958f81fe3b6c86da5bdf35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 71ed58b56327a4b1fac815d66cd38601
SHA1 fdf9139df9baebc80068ab12102d0d7de19ad4e0
SHA256 3894536fbf250f9ce6d72a41e4449b1242f4220ffb5c04bc579e89679dae9da3
SHA512 d9703bb7ece912f28a20528809ee38058c15592fedf6a637eb853266b2eddc892d5dbf054bf587dffabace7653420f8f31e19d0343f2d39cf2cbcb30a951d295

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 03:34

Reported

2024-06-01 03:37

Platform

win10v2004-20240426-en

Max time kernel

93s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\89401bbd6861779597b9a4d70146cb17_JaffaCakes118.exe"

Signatures

Checks whether UAC is enabled

evasion trojan
Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\89401bbd6861779597b9a4d70146cb17_JaffaCakes118.exe | N/A

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\89401bbd6861779597b9a4d70146cb17_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\89401bbd6861779597b9a4d70146cb17_JaffaCakes118.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | www.fenomen-games.com | udp
US | 8.8.8.8:53 | www.gamecentersolution.com | udp
US | 159.65.253.100:80 | www.fenomen-games.com | tcp
US | 184.72.55.36:80 | www.gamecentersolution.com | tcp
US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 100.253.65.159.in-addr.arpa | udp
US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 25.24.18.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp

Files

memory/5044-0-0x0000000000400000-0x000000000055F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\FG.url

MD5 b32e479bd009ed83990c9673269a8679
SHA1 c90602796792d73b8e14df593d28c88639957537
SHA256 4da0710275fe2edc624ceae921dfed794450221c88daaac73467fc885cff1a3b
SHA512 d29415020d7ddc493ac36ad2351414523f9804f3031a50c6bfded58d8b9a83f13877ae73571e9dcc50eedd7014230196313dfab8618e587e118ae6ba4d94db12