Analysis Overview
SHA256
068bef8e19d6a2dd7c6b801b458d075c188c6f21c8825b5d86b00645528c3f87
Threat Level: Shows suspicious behavior
The file 9354b2e749d11f48d80bfd92219fa387_JaffaCakes118 was classified as: Shows suspicious behavior.
Malicious Activity Summary
Checks installed software on the system
Drops file in Windows directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-04 01:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 01:50
Reported
2024-06-04 01:53
Platform
win7-20240215-en
Max time kernel
118s
Max time network
120s
Command Line
Signatures
Checks installed software on the system
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\PCMaster.job | C:\Users\Admin\AppData\Local\Temp\9354b2e749d11f48d80bfd92219fa387_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\9354b2e749d11f48d80bfd92219fa387_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9354b2e749d11f48d80bfd92219fa387_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | full-set.link | udp |
| US | 8.8.8.8:53 | allmodel-pro.com | udp |
| US | 204.11.56.48:80 | allmodel-pro.com | tcp |
| US | 8.8.8.8:53 | parentmodel.biz | udp |
| US | 8.8.8.8:53 | get-multiple.link | udp |
Files (memory dumps, PID 2900)
memory/2900-0-0x0000000000020000-0x0000000000021000-memory.dmp
memory/2900-2-0x0000000000130000-0x0000000000131000-memory.dmp
memory/2900-1-0x0000000000030000-0x0000000000031000-memory.dmp
memory/2900-3-0x0000000000150000-0x0000000000170000-memory.dmp
memory/2900-4-0x0000000000140000-0x0000000000141000-memory.dmp
memory/2900-9-0x0000000000150000-0x0000000000170000-memory.dmp
memory/2900-5-0x0000000001240000-0x000000000126F000-memory.dmp
memory/2900-17-0x0000000000150000-0x0000000000170000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-04 01:50
Reported
2024-06-04 01:53
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
103s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\PCMaster.job | C:\Users\Admin\AppData\Local\Temp\9354b2e749d11f48d80bfd92219fa387_JaffaCakes118.exe | N/A |
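The indicator in this signature is the same in both detonations: a file named PCMaster.job written to C:\Windows\Tasks, which is where the legacy (Task Scheduler 1.0, AT-style) job files live. "Drops file in Windows directory" therefore amounts to a scheduled-task persistence artifact here, not a generic write into the Windows directory. The script below is an added detection example, not part of the Triage report and not the sandbox's own signature logic. It runs a file-creation rule over a few constructed events whose field names (EventID, Image, TargetFilename) follow Sysmon Event ID 11, flags any *.job written directly under C:\Windows\Tasks by a process outside an allowlist, and assumes the svchost.exe-hosted Task Scheduler service as the one legitimate writer (the allowlist is an assumption to tune per environment).

```python
import json
import re
from typing import Iterable

# Constructed sample events, not real telemetry from the detonation above. Field names
# follow Sysmon Event ID 11 (FileCreate): Image = writing process, TargetFilename = path written.
SAMPLE_JSONL = r'''
{"EventID": 11, "Image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\9354b2e749d11f48d80bfd92219fa387_JaffaCakes118.exe", "TargetFilename": "C:\\Windows\\Tasks\\PCMaster.job"}
{"EventID": 11, "Image": "C:\\Windows\\System32\\svchost.exe", "TargetFilename": "C:\\Windows\\Tasks\\At1.job"}
{"EventID": 11, "Image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\9354b2e749d11f48d80bfd92219fa387_JaffaCakes118.exe", "TargetFilename": "C:\\Users\\Admin\\AppData\\Local\\Temp\\notes.txt"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c dir C:\\Windows\\Tasks"}
{"EventID": 11, "Image": "C:\\ProgramData\\updater.exe", "TargetFilename": "c:\\windows\\tasks\\UPDATE.JOB"}
'''

# Legacy Task Scheduler jobs are *.job files directly under C:\Windows\Tasks (no subdirectories).
JOB_FILE_RE = re.compile(r"^c:\\windows\\tasks\\[^\\]+\.job$", re.IGNORECASE)

# Assumed allowlist: on a stock host the Task Scheduler service (hosted in svchost.exe) is the
# expected writer of .job files. Keep it narrow and tune it for the environment.
ALLOWED_WRITERS = {r"c:\windows\system32\svchost.exe"}


def load_events(jsonl: str) -> list[dict]:
    """Parse one JSON object per line; blank lines are skipped."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


def is_suspicious_job_drop(event: dict) -> bool:
    """True for a FileCreate of C:\\Windows\\Tasks\\*.job by a process not on the allowlist."""
    if event.get("EventID") != 11:
        return False
    if not JOB_FILE_RE.match(event.get("TargetFilename", "")):
        return False
    return event.get("Image", "").lower() not in ALLOWED_WRITERS


def detect(events: Iterable[dict]) -> list[dict]:
    """Return the events that match the rule, in input order."""
    return [e for e in events if is_suspicious_job_drop(e)]


if __name__ == "__main__":
    for hit in detect(load_events(SAMPLE_JSONL)):
        print(f'{hit["Image"]} -> {hit["TargetFilename"]}')
```

Run against the constructed events, the rule fires twice: once for the sample's PCMaster.job and once for the mixed-case UPDATE.JOB written by a non-system binary, while the svchost.exe-written At1.job and the Temp-directory write are ignored. Matching is case-insensitive because NTFS paths are.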
Processes
C:\Users\Admin\AppData\Local\Temp\9354b2e749d11f48d80bfd92219fa387_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9354b2e749d11f48d80bfd92219fa387_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | allmodel-pro.com | udp |
| US | 8.8.8.8:53 | full-set.link | udp |
| US | 8.8.8.8:53 | parentmodel.biz | udp |
| US | 8.8.8.8:53 | get-multiple.link | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
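Most rows of the win10 Network table above (the in-addr.arpa PTR lookups, www.bing.com and tse1.mm.bing.net) are Windows 10 background traffic that also shows up in clean detonations; the four domains that recur in both runs, and the single TCP connection to 204.11.56.48:80 for allmodel-pro.com in the win7 run, are the sample's own. The script below is an added example, not part of the Triage report: it parses both Network tables (rows copied from the two tables above), separates an assumed set of OS background suffixes from sample-attributable names, and reports which domains were looked up in every run and which were actually connected to beyond the DNS query to the resolver used in these detonations (8.8.8.8:53). The background suffix list is an assumption, not something the report states.

```python
import re
from collections import defaultdict

# Rows copied from the two Network tables above (behavioral1 on win7, behavioral2 on win10).
NETWORK_TABLES = {
    "win7-20240215-en": """
| US | 8.8.8.8:53 | full-set.link | udp |
| US | 8.8.8.8:53 | allmodel-pro.com | udp |
| US | 204.11.56.48:80 | allmodel-pro.com | tcp |
| US | 8.8.8.8:53 | parentmodel.biz | udp |
| US | 8.8.8.8:53 | get-multiple.link | udp |
""",
    "win10v2004-20240508-en": """
| US | 8.8.8.8:53 | allmodel-pro.com | udp |
| US | 8.8.8.8:53 | full-set.link | udp |
| US | 8.8.8.8:53 | parentmodel.biz | udp |
| US | 8.8.8.8:53 | get-multiple.link | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
""",
}

# One table row: | Country | Destination | Domain | Proto |  (domain may be blank for raw IP traffic)
ROW_RE = re.compile(
    r"^\|\s*(?P<country>\w+)\s*\|\s*(?P<dest>[^|]+?)\s*\|\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>\w+)\s*\|$"
)

# Resolver used by these detonations: the lookup itself is not an indicator, only the name asked for.
RESOLVER = "8.8.8.8:53"

# Assumed background allowlist: reverse (PTR) lookups the OS performs for its own connections,
# and Bing endpoints that Windows 10 search/spotlight contacts in clean detonations as well.
BACKGROUND_SUFFIXES = (".in-addr.arpa", ".bing.com", ".bing.net")


def parse_rows(table: str) -> list[dict]:
    """Parse the pipe-delimited rows; lines that do not match the row shape are ignored."""
    rows = []
    for line in table.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append({k: v.strip() for k, v in m.groupdict().items()})
    return rows


def is_background(domain: str) -> bool:
    return domain.endswith(BACKGROUND_SUFFIXES)


def triage(tables: dict) -> dict:
    """Split sample-attributable names from background noise across all detonations."""
    seen_on = defaultdict(set)       # indicator -> platforms on which it appeared
    connections = defaultdict(set)   # indicator -> endpoints actually connected to (non-DNS)
    background = set()
    for platform, table in tables.items():
        for row in parse_rows(table):
            domain = row["domain"]
            if is_background(domain):
                background.add(domain)
                continue
            key = domain or row["dest"]  # raw IP traffic with no name is keyed by endpoint
            seen_on[key].add(platform)
            if row["dest"] != RESOLVER:
                connections[key].add(f'{row["proto"]}://{row["dest"]}')
    return {
        "domains": sorted(seen_on),
        "seen_in_all_runs": sorted(d for d, p in seen_on.items() if len(p) == len(tables)),
        "connections": {d: sorted(c) for d, c in connections.items()},
        "background": sorted(background),
    }


if __name__ == "__main__":
    for section, value in triage(NETWORK_TABLES).items():
        print(section, value)
```

The output is the IOC list a practitioner would actually hand on: four domains resolved in both runs, one of them (allmodel-pro.com) followed by a real TCP connection to 204.11.56.48:80 in the win7 run only, and twelve background names set aside. Note that the win10 run resolved allmodel-pro.com but never connected to it, so the resolver answer or the sample's follow-up logic differed between the two detonations; the report does not say why.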
Files (memory dumps, PID 1780)
memory/1780-0-0x0000000000D50000-0x0000000000D51000-memory.dmp
memory/1780-2-0x0000000000D70000-0x0000000000D71000-memory.dmp
memory/1780-1-0x0000000000D60000-0x0000000000D61000-memory.dmp
memory/1780-3-0x0000000000D90000-0x0000000000DB0000-memory.dmp
memory/1780-4-0x0000000000D80000-0x0000000000D81000-memory.dmp
memory/1780-9-0x0000000000D90000-0x0000000000DB0000-memory.dmp
memory/1780-5-0x0000000001580000-0x00000000015AF000-memory.dmp
memory/1780-17-0x0000000000D90000-0x0000000000DB0000-memory.dmp
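The two Files lists above name each dump as memory/PID-INDEX-START-END-memory.dmp. The helper below is an added example, not part of the report, and the naming convention is read off the listing rather than taken from documentation: it parses both lists (names copied from above), computes each region's size, groups dumps by address range to show which regions were captured repeatedly (the 128 KiB region taken at indices 3, 9 and 17 in both runs), and builds a size-by-index fingerprint that comes out identical for the win7 and win10 detonations even though the base addresses differ.

```python
import re
from collections import defaultdict

# Dump names copied from the two Files lists above (win7 PID 2900, win10 PID 1780).
DUMPS = {
    "win7-20240215-en": [
        "memory/2900-0-0x0000000000020000-0x0000000000021000-memory.dmp",
        "memory/2900-2-0x0000000000130000-0x0000000000131000-memory.dmp",
        "memory/2900-1-0x0000000000030000-0x0000000000031000-memory.dmp",
        "memory/2900-3-0x0000000000150000-0x0000000000170000-memory.dmp",
        "memory/2900-4-0x0000000000140000-0x0000000000141000-memory.dmp",
        "memory/2900-9-0x0000000000150000-0x0000000000170000-memory.dmp",
        "memory/2900-5-0x0000000001240000-0x000000000126F000-memory.dmp",
        "memory/2900-17-0x0000000000150000-0x0000000000170000-memory.dmp",
    ],
    "win10v2004-20240508-en": [
        "memory/1780-0-0x0000000000D50000-0x0000000000D51000-memory.dmp",
        "memory/1780-2-0x0000000000D70000-0x0000000000D71000-memory.dmp",
        "memory/1780-1-0x0000000000D60000-0x0000000000D61000-memory.dmp",
        "memory/1780-3-0x0000000000D90000-0x0000000000DB0000-memory.dmp",
        "memory/1780-4-0x0000000000D80000-0x0000000000D81000-memory.dmp",
        "memory/1780-9-0x0000000000D90000-0x0000000000DB0000-memory.dmp",
        "memory/1780-5-0x0000000001580000-0x00000000015AF000-memory.dmp",
        "memory/1780-17-0x0000000000D90000-0x0000000000DB0000-memory.dmp",
    ],
}

# Assumed naming convention, inferred from the listing: memory/<pid>-<dump index>-<start>-<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump(name: str) -> dict:
    """Extract pid, dump index and the [start, end) address range; reject malformed names."""
    m = DUMP_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "idx": int(m["idx"]), "start": start, "end": end, "size": end - start}


def summarize(names: list[str]) -> dict:
    """Order dumps by index, fingerprint them by size, and list ranges dumped more than once."""
    dumps = sorted((parse_dump(n) for n in names), key=lambda d: d["idx"])
    by_range = defaultdict(list)
    for d in dumps:
        by_range[(d["start"], d["end"])].append(d["idx"])
    return {
        "pid": dumps[0]["pid"],
        # (index, size) pairs: comparable across runs even when the regions land at other addresses.
        "fingerprint": tuple((d["idx"], d["size"]) for d in dumps),
        # Ranges captured more than once, with the dump indices at which they were taken.
        "redumped": {f"0x{s:X}-0x{e:X}": idxs for (s, e), idxs in by_range.items() if len(idxs) > 1},
    }


def same_layout(runs: dict) -> bool:
    """True when every run produced the same size-by-index fingerprint."""
    return len({summarize(names)["fingerprint"] for names in runs.values()}) == 1


if __name__ == "__main__":
    for platform, names in DUMPS.items():
        s = summarize(names)
        print(platform, "pid", s["pid"], "redumped", s["redumped"])
    print("identical layout across runs:", same_layout(DUMPS))
```

For both platforms the result is five 4 KiB regions, one 0x2F000-byte region (index 5) and one 128 KiB region dumped three times (indices 3, 9 and 17), so the sample allocates and rewrites memory the same way on Windows 7 and Windows 10; the repeatedly dumped range is the one to diff first when looking for unpacked or decrypted content.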