Malware Analysis Report

2024-10-10 12:12

Sample ID: 240613-2jf8qsxbkp
Target: a6ebbcad3f889b808223dee636cd576f_JaffaCakes118
SHA256: 1287c04cfd5abfa228b3fb7ba117d9917f5c337c1586c38a89cd05f15cb014f4
Tags: discovery
Score: 6/10

Table of Contents

Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 6/10
SHA256: 1287c04cfd5abfa228b3fb7ba117d9917f5c337c1586c38a89cd05f15cb014f4

Threat Level: Shows suspicious behavior

The file a6ebbcad3f889b808223dee636cd576f_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

discovery:
  Checks installed software on the system

Drops file in Windows directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-13 22:36

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 22:36
Reported: 2024-06-13 22:39
Platform: win7-20240508-en
Max time kernel: 117s
Max time network: 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a6ebbcad3f889b808223dee636cd576f_JaffaCakes118.exe"

Signatures

Checks installed software on the system (discovery)

Drops file in Windows directory

Description   Indicator                   Process                                                                                Target
File created  C:\Windows\Tasks\HiDef.job  C:\Users\Admin\AppData\Local\Temp\a6ebbcad3f889b808223dee636cd576f_JaffaCakes118.exe  N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a6ebbcad3f889b808223dee636cd576f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a6ebbcad3f889b808223dee636cd576f_JaffaCakes118.exe"

Network

Country  Destination  Domain            Proto
US       8.8.8.8:53   ringmynorth.biz   udp
US       8.8.8.8:53   allmodel-pro.com  udp
US       8.8.8.8:53   parentmodel.biz   udp
US       8.8.8.8:53   fullset.info      udp

Files

memory/1792-2-0x00000000001B0000-0x00000000001B1000-memory.dmp
memory/1792-1-0x0000000000030000-0x0000000000031000-memory.dmp
memory/1792-0-0x0000000000020000-0x0000000000021000-memory.dmp
memory/1792-3-0x00000000001C0000-0x00000000001C1000-memory.dmp
memory/1792-4-0x00000000001D0000-0x00000000001F0000-memory.dmp
memory/1792-5-0x0000000000210000-0x000000000023F000-memory.dmp
memory/1792-9-0x00000000001D0000-0x00000000001F0000-memory.dmp
memory/1792-17-0x00000000001D0000-0x00000000001F0000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-13 22:36
Reported: 2024-06-13 22:39
Platform: win10v2004-20240508-en
Max time kernel: 51s
Max time network: 52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a6ebbcad3f889b808223dee636cd576f_JaffaCakes118.exe"

Signatures

Drops file in Windows directory

Description   Indicator                   Process                                                                                Target
File created  C:\Windows\Tasks\HiDef.job  C:\Users\Admin\AppData\Local\Temp\a6ebbcad3f889b808223dee636cd576f_JaffaCakes118.exe  N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a6ebbcad3f889b808223dee636cd576f_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a6ebbcad3f889b808223dee636cd576f_JaffaCakes118.exe"

Network

Country  Destination  Domain                Proto
US       8.8.8.8:53   ringmynorth.biz       udp
US       8.8.8.8:53   allmodel-pro.com      udp
US       8.8.8.8:53   8.8.8.8.in-addr.arpa  udp
US       8.8.8.8:53   parentmodel.biz       udp
US       8.8.8.8:53   fullset.info          udp

Files

memory/1784-2-0x0000000000400000-0x0000000000401000-memory.dmp
memory/1784-1-0x00000000003F0000-0x00000000003F1000-memory.dmp
memory/1784-3-0x0000000000540000-0x0000000000541000-memory.dmp
memory/1784-0-0x00000000003E0000-0x00000000003E1000-memory.dmp
memory/1784-4-0x0000000000550000-0x0000000000570000-memory.dmp
memory/1784-9-0x0000000000550000-0x0000000000570000-memory.dmp
memory/1784-5-0x0000000001950000-0x000000000197F000-memory.dmp
memory/1784-17-0x0000000000550000-0x0000000000570000-memory.dmp