Malware Analysis Report

2025-06-16 07:18

Sample ID: 240602-b3abesfb27
Target: 8c7d7c054f15a8aefba60dee28133a8d_JaffaCakes118
SHA256: 4a0298331cb3448eb2c136cc1155df8c1207302185bddce0f175ab744c69805a
Tags: none listed
Score: 7/10

Analysis Overview

Score: 7/10
SHA256: 4a0298331cb3448eb2c136cc1155df8c1207302185bddce0f175ab744c69805a

Threat level: shows suspicious behavior (score 7/10).

Verdict: the file 8c7d7c054f15a8aefba60dee28133a8d_JaffaCakes118 shows suspicious behavior. In both detonations (Windows 10 and Windows 7) it copies itself into a fresh amigo_ldir_<n>_<n> directory under %TEMP%, launches that copy with a set of --key=value installer-style flags, and talks to mrds.mail.ru and amigodl.mail.ru on TCP port 80. No MITRE ATT&CK techniques were mapped.

Malicious Activity Summary

Loads dropped DLL

Executes dropped EXE

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-02 01:39

Signatures

Unsigned PE (the executable carries no Authenticode signature; no further detail was recorded)

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-02 01:39
Reported: 2024-06-02 01:42
Platform: win10v2004-20240508-en
Max time kernel: 137s
Max time network: 145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8c7d7c054f15a8aefba60dee28133a8d_JaffaCakes118.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\8c7d7c054f15a8aefba60dee28133a8d_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\8c7d7c054f15a8aefba60dee28133a8d_JaffaCakes118.exe"
  Child process (copy of the sample in a per-run temp directory, see Files):
  C:\Users\Admin\AppData\Local\Temp\amigo_ldir_2280_23906\8c7d7c054f15a8aefba60dee28133a8d_JaffaCakes118.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\amigo_ldir_2280_23906\8c7d7c054f15a8aefba60dee28133a8d_JaffaCakes118.exe --wi=1 --arf=mngms --psi=900001 --make-default=0 --attr=814001opsm --rfr=814001 --ext_params=old_mr1lad=58d6d18a6459e020-0-100- --cp

Network

Country  Destination           Domain                        Proto
US       8.8.8.8:53            mrds.mail.ru                  udp
RU       95.163.50.150:80      mrds.mail.ru                  tcp
US       8.8.8.8:53            8.8.8.8.in-addr.arpa          udp
US       8.8.8.8:53            amigodl.mail.ru               udp
RU       217.69.139.106:80     amigodl.mail.ru               tcp
US       8.8.8.8:53            13.86.106.20.in-addr.arpa     udp
US       8.8.8.8:53            150.50.163.95.in-addr.arpa    udp
US       8.8.8.8:53            0.205.248.87.in-addr.arpa     udp
US       8.8.8.8:53            g.bing.com                    udp
US       204.79.197.237:443    g.bing.com                    tcp
US       8.8.8.8:53            133.32.126.40.in-addr.arpa    udp
NL       23.62.61.194:443      www.bing.com                  tcp
US       8.8.8.8:53            194.61.62.23.in-addr.arpa     udp
US       8.8.8.8:53            237.197.79.204.in-addr.arpa   udp
RU       217.69.139.106:80     amigodl.mail.ru               tcp
RU       217.69.139.106:80     amigodl.mail.ru               tcp
US       8.8.8.8:53            86.23.85.13.in-addr.arpa      udp
US       8.8.8.8:53            18.31.95.13.in-addr.arpa      udp
US       8.8.8.8:53            172.210.232.199.in-addr.arpa  udp
RU       217.69.139.106:80     amigodl.mail.ru               tcp
US       8.8.8.8:53            82.90.14.23.in-addr.arpa      udp
US       8.8.8.8:53            205.47.74.20.in-addr.arpa     udp
RU       217.69.139.106:80     amigodl.mail.ru               tcp
RU       217.69.139.106:80     amigodl.mail.ru               tcp
US       8.8.8.8:53            14.227.111.52.in-addr.arpa    udp
US       8.8.8.8:53            tse1.mm.bing.net              udp
US       204.79.197.200:443    tse1.mm.bing.net              tcp
US       204.79.197.200:443    tse1.mm.bing.net              tcp
US       204.79.197.200:443    tse1.mm.bing.net              tcp
US       204.79.197.200:443    tse1.mm.bing.net              tcp
US       204.79.197.200:443    tse1.mm.bing.net              tcp
US       8.8.8.8:53            57.169.31.20.in-addr.arpa     udp
US       8.8.8.8:53            83.210.23.2.in-addr.arpa      udp
RU       217.69.139.106:80     amigodl.mail.ru               tcp
RU       217.69.139.106:80     amigodl.mail.ru               tcp
RU       217.69.139.106:80     amigodl.mail.ru               tcp

Reading the table: rows with destination 8.8.8.8:53 are DNS queries to the sandbox resolver, and the *.in-addr.arpa names are reverse lookups with the octets reversed (150.50.163.95.in-addr.arpa is 95.163.50.150, the mrds.mail.ru address). Each TCP row is one connection, which is why amigodl.mail.ru repeats. The bing.com/bing.net traffic appears only in this Windows 10 run and is consistent with OS background activity rather than the sample. The endpoints attributable to the sample are mrds.mail.ru (95.163.50.150:80) and amigodl.mail.ru (217.69.139.106:80), both plain TCP port 80.

Files

C:\Users\Admin\AppData\Local\Temp\amigo_ldir_2280_23906\8c7d7c054f15a8aefba60dee28133a8d_JaffaCakes118.exe

MD5     8c7d7c054f15a8aefba60dee28133a8d
SHA1    ee7dcc429769c6968fb3703f3458c664c9a20678
SHA256  4a0298331cb3448eb2c136cc1155df8c1207302185bddce0f175ab744c69805a
SHA512  9053629bb9c90b7c845d6115c63975f859f7bc2bc984c116cc986983235ce60fea15a225dae1e182b053a08d373d6ded139483f41253653a3e9ab05a54673860

All four hashes match the submitted sample (compare the SHA256 in the Analysis Overview): the dropped file is a byte-for-byte copy of the original executable, not a second-stage payload.

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-02 01:39
Reported: 2024-06-02 01:42
Platform: win7-20231129-en
Max time kernel: 142s
Max time network: 145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8c7d7c054f15a8aefba60dee28133a8d_JaffaCakes118.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\8c7d7c054f15a8aefba60dee28133a8d_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\8c7d7c054f15a8aefba60dee28133a8d_JaffaCakes118.exe"
  Child process (copy of the sample in a per-run temp directory, see Files):
  C:\Users\Admin\AppData\Local\Temp\amigo_ldir_3060_12370\8c7d7c054f15a8aefba60dee28133a8d_JaffaCakes118.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\amigo_ldir_3060_12370\8c7d7c054f15a8aefba60dee28133a8d_JaffaCakes118.exe --wi=1 --arf=mngms --psi=900001 --make-default=0 --attr=814001opsm --rfr=814001 --ext_params=old_mr1lad=58d6d18a6459e020-0-100- --cp

Network

Country  Destination           Domain                        Proto
US       8.8.8.8:53            mrds.mail.ru                  udp
RU       95.163.50.150:80      mrds.mail.ru                  tcp
US       8.8.8.8:53            amigodl.mail.ru               udp
RU       217.69.139.106:80     amigodl.mail.ru               tcp
RU       217.69.139.106:80     amigodl.mail.ru               tcp
RU       217.69.139.106:80     amigodl.mail.ru               tcp
RU       217.69.139.106:80     amigodl.mail.ru               tcp
RU       217.69.139.106:80     amigodl.mail.ru               tcp
RU       217.69.139.106:80     amigodl.mail.ru               tcp
RU       217.69.139.106:80     amigodl.mail.ru               tcp
RU       217.69.139.106:80     amigodl.mail.ru               tcp
RU       217.69.139.106:80     amigodl.mail.ru               tcp
RU       217.69.139.106:80     amigodl.mail.ru               tcp
RU       217.69.139.106:80     amigodl.mail.ru               tcp
RU       217.69.139.106:80     amigodl.mail.ru               tcp

The Windows 7 run shows only the two Mail.ru hosts, resolved through the sandbox resolver at 8.8.8.8:53 and then contacted on TCP port 80 (twelve separate connections to amigodl.mail.ru). There is no bing traffic here, which supports reading the bing rows in the Windows 10 run as OS background rather than sample behavior.
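Turning the two Network tables into a defender-usable indicator list means separating resolver queries and reverse lookups from real connections and discarding sandbox background traffic. The script below is an added example, not part of the sandbox report or its tooling. It embeds a subset of the rows from this page, assumes 8.8.8.8:53 is the sandbox resolver, and treats the bing.com/bing.net names as OS background noise (an assumption made for the example, not a field in the report).

```python
import re
from collections import Counter
from ipaddress import ip_address

# Rows copied from the report's Network tables (a subset; the full report lists
# every connection separately, which is why amigodl.mail.ru repeats).
NETWORK_TABLE = """\
Country Destination Domain Proto
US 8.8.8.8:53 mrds.mail.ru udp
RU 95.163.50.150:80 mrds.mail.ru tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 amigodl.mail.ru udp
RU 217.69.139.106:80 amigodl.mail.ru tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 150.50.163.95.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
RU 217.69.139.106:80 amigodl.mail.ru tcp
RU 217.69.139.106:80 amigodl.mail.ru tcp
"""

# Names treated as sandbox/OS background noise. This is an assumption for the
# example (they occur only in the Windows 10 run), not something the report states.
BACKGROUND = frozenset({"g.bing.com", "www.bing.com", "tse1.mm.bing.net"})

ROW = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>[0-9.]+):(?P<port>\d+)\s+(?P<name>\S+)\s+(?P<proto>tcp|udp)$"
)


def parse_rows(text):
    """Parse the flattened 'Country Destination Domain Proto' rows; the header is skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def ptr_to_ip(name):
    """'150.50.163.95.in-addr.arpa' -> '95.163.50.150' (PTR names carry the octets reversed)."""
    octets = name[: -len(".in-addr.arpa")].split(".")
    return str(ip_address(".".join(reversed(octets))))


def extract_iocs(text, resolver="8.8.8.8", background=BACKGROUND):
    """Split the table into forward lookups, reverse lookups and real endpoints."""
    queried, ptr_ips = set(), set()
    connections, noise = Counter(), Counter()
    for r in parse_rows(text):
        is_dns = r["ip"] == resolver and r["port"] == 53 and r["proto"] == "udp"
        if is_dns:
            if r["name"].endswith(".in-addr.arpa"):
                ptr_ips.add(ptr_to_ip(r["name"]))
            else:
                queried.add(r["name"])
            continue
        key = (r["name"], r["ip"], r["port"], r["proto"])
        (noise if r["name"] in background else connections)[key] += 1
    # Addresses seen only through a reverse lookup were contacted by something
    # (OS or sample) but have no connection row of their own: worth a second look.
    connected = {ip for (_, ip, _, _) in connections} | {ip for (_, ip, _, _) in noise}
    return {
        "queried": queried,
        "connections": connections,
        "background": noise,
        "ptr_only_ips": ptr_ips - connected - {resolver},
    }


def indicators(text):
    """Defender-facing list: (domain, ip, port) for every non-background TCP endpoint."""
    iocs = extract_iocs(text)
    return sorted({(n, ip, port) for (n, ip, port, proto) in iocs["connections"] if proto == "tcp"})


if __name__ == "__main__":
    result = extract_iocs(NETWORK_TABLE)
    for key, count in sorted(result["connections"].items()):
        print(f"{count:2d}x {key[0]} {key[1]}:{key[2]}/{key[3]}")
    print("reverse-lookup-only IPs:", sorted(result["ptr_only_ips"]))
    print("indicators:", indicators(NETWORK_TABLE))
```

On the embedded rows this yields the two Mail.ru endpoints as indicators, counts three connections to amigodl.mail.ru, and reports 20.106.86.13 as an address that was reverse-resolved but never appears as a connection destination in the table.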

Files

\Users\Admin\AppData\Local\Temp\amigo_ldir_3060_12370\8c7d7c054f15a8aefba60dee28133a8d_JaffaCakes118.exe

MD5     8c7d7c054f15a8aefba60dee28133a8d
SHA1    ee7dcc429769c6968fb3703f3458c664c9a20678
SHA256  4a0298331cb3448eb2c136cc1155df8c1207302185bddce0f175ab744c69805a
SHA512  9053629bb9c90b7c845d6115c63975f859f7bc2bc984c116cc986983235ce60fea15a225dae1e182b053a08d373d6ded139483f41253653a3e9ab05a54673860

Again identical to the submitted sample (self-copy); only the per-run directory name differs (amigo_ldir_3060_12370 here, amigo_ldir_2280_23906 on Windows 10).

memory/1992-6-0x0000000000660000-0x0000000000661000-memory.dmp

Memory dump of a single 4 KiB region (0x660000-0x661000) taken from process 1992 (the file name follows the pid-index-start-end convention).
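The "Executes dropped EXE" signature in the summary corresponds to what the Processes and Files sections of both runs show: the sample writes a copy of itself into amigo_ldir_<n>_<n> and launches that copy with --key=value flags. The detection below, run over a constructed event stream, is an added example of how that signature can be expressed; it is not the sandbox's own signature logic. The pids, event order and the benign rows are assumptions made for the example; the paths, command line and SHA256 are taken from this page.

```python
import ntpath

SAMPLE_SHA256 = "4a0298331cb3448eb2c136cc1155df8c1207302185bddce0f175ab744c69805a"
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\8c7d7c054f15a8aefba60dee28133a8d_JaffaCakes118.exe"
DROP = r"C:\Users\Admin\AppData\Local\Temp\amigo_ldir_2280_23906\8c7d7c054f15a8aefba60dee28133a8d_JaffaCakes118.exe"
DROP_ARGS = ("--wi=1 --arf=mngms --psi=900001 --make-default=0 --attr=814001opsm "
             "--rfr=814001 --ext_params=old_mr1lad=58d6d18a6459e020-0-100- --cp")

# Constructed event stream. The report gives only the process list and the dropped
# file's hashes; the pids, the ordering and the benign rows are assumptions made
# for this example, not data from the sandbox trace.
EVENTS = [
    {"t": 1, "type": "process_create", "pid": 2280, "ppid": 1000, "image": SAMPLE,
     "cmdline": f'"{SAMPLE}"'},
    {"t": 2, "type": "file_write", "pid": 2280, "sha256": SAMPLE_SHA256, "path": DROP},
    {"t": 3, "type": "file_write", "pid": 2280, "sha256": "00" * 32,
     "path": r"C:\Users\Admin\AppData\Local\Temp\amigo_ldir_2280_23906\setup.log"},
    {"t": 4, "type": "process_create", "pid": 1992, "ppid": 2280, "image": DROP,
     "cmdline": f'"{DROP}" {DROP_ARGS}'},
    # A process whose image was never written in this trace: must not be flagged.
    {"t": 5, "type": "process_create", "pid": 2400, "ppid": 1992,
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
]


def norm(path):
    """Case-fold and normalise separators so a write and a later execution compare equal."""
    return ntpath.normcase(ntpath.normpath(path))


def lineage(pid, parent_of):
    """pid followed by every known ancestor (stops at a ppid that was never seen)."""
    chain = []
    while pid is not None and pid not in chain:
        chain.append(pid)
        pid = parent_of.get(pid)
    return chain


def dropped_exe_executions(events, sample_sha256=None):
    """'Executes dropped EXE': a process whose image was written earlier in the
    trace by its parent or an ancestor. Each hit also says whether the dropped
    file has the sample's own hash, i.e. whether this is a self-copy."""
    writes, parent_of, hits = {}, {}, []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["type"] == "file_write":
            writes[norm(ev["path"])] = ev
        elif ev["type"] == "process_create":
            parent_of[ev["pid"]] = ev["ppid"]
            w = writes.get(norm(ev["image"]))
            if w and w["pid"] in lineage(ev["ppid"], parent_of):
                hits.append({
                    "pid": ev["pid"],
                    "writer_pid": w["pid"],
                    "image": ev["image"],
                    "cmdline": ev["cmdline"],
                    "self_copy": sample_sha256 is not None and w["sha256"] == sample_sha256,
                })
    return hits


def parse_flags(cmdline):
    """Turn '--key=value' and bare '--flag' tokens into a dict (bare flags map to True).
    Whitespace splitting is enough here because the image path contains no spaces;
    a general Windows command line needs CommandLineToArgvW-style quoting rules."""
    flags = {}
    for tok in cmdline.split():
        if tok.startswith("--"):
            key, has_value, value = tok[2:].partition("=")
            flags[key] = value if has_value else True
    return flags


if __name__ == "__main__":
    for hit in dropped_exe_executions(EVENTS, SAMPLE_SHA256):
        print(f"pid {hit['pid']} executed a file written by pid {hit['writer_pid']}: {hit['image']}")
        print("self-copy of the sample:", hit["self_copy"])
        print("flags:", parse_flags(hit["cmdline"]))
```

The check is deliberately lineage-based rather than parent-only: a dropper that writes a file and then launches it through an intermediate process would still be caught, while a process executing a file nobody in its ancestry wrote (the notepad.exe row) is not. The hash comparison separates a self-copy, as seen in this report, from a genuinely new payload.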