Analysis Overview
SHA256
aaa5ad3087ec9011c36cd77d5611f8d88fe72fc933e2469bad1703344b318767
Threat Level: Shows suspicious behavior
The file a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Checks BIOS information in registry
Program crash
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 20:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 20:19
Reported
2024-06-12 20:22
Platform
win7-20240419-en
Max time kernel
121s
Max time network
121s
Command Line
Signatures
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\ | C:\Users\Admin\AppData\Local\Temp\a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe | "C:\Users\Admin\AppData\Local\Temp\a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe" |
| C:\Users\Admin\AppData\Local\Temp\a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe | start |
| C:\Users\Admin\AppData\Local\Temp\a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe | watch |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bkjyuokuybiyp.increase-sixty.ru | udp |
| US | 8.8.8.8:53 | bkjyuokuybiyp.increase-sixty.ru | udp |
| US | 8.8.8.8:53 | bkjyuokuybiyp.increase-sixty.ru | udp |
| US | 8.8.8.8:53 | bkjyuokuybiyp.increase-sixty.ru | udp |
| US | 8.8.8.8:53 | bkjyuokuybiyp.increase-sixty.ru | udp |
| US | 8.8.8.8:53 | bkjyuokuybiyp.increase-sixty.ru | udp |
| US | 8.8.8.8:53 | bkjyuokuybiyp.increase-sixty.ru | udp |
| US | 8.8.8.8:53 | bkjyuokuybiyp.increase-sixty.ru | udp |
| US | 8.8.8.8:53 | bkjyuokuybiyp.increase-sixty.ru | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 20:19
Reported
2024-06-12 20:22
Platform
win10v2004-20240508-en
Max time kernel
43s
Max time network
52s
Command Line
Signatures
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe | N/A |
Program crash
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\ | C:\Users\Admin\AppData\Local\Temp\a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe | "C:\Users\Admin\AppData\Local\Temp\a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe" |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4268 -ip 4268 |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 700 |
| C:\Users\Admin\AppData\Local\Temp\a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe | start |
| C:\Users\Admin\AppData\Local\Temp\a22cfe45e6506faed5a82de112d6d6e9_JaffaCakes118.exe | watch |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4460 -ip 4460 |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 700 |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4488 -ip 4488 |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 700 |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bkjyuokuybiyp.increase-sixty.ru | udp |
| US | 8.8.8.8:53 | bkjyuokuybiyp.increase-sixty.ru | udp |
| US | 8.8.8.8:53 | bkjyuokuybiyp.increase-sixty.ru | udp |
Files