Analysis Overview
SHA256
1287c04cfd5abfa228b3fb7ba117d9917f5c337c1586c38a89cd05f15cb014f4
Threat Level: Shows suspicious behavior
The file a6ebbcad3f889b808223dee636cd576f_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks installed software on the system
Drops file in Windows directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 22:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 22:36
Reported
2024-06-13 22:39
Platform
win7-20240508-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
Checks installed software on the system
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\HiDef.job | C:\Users\Admin\AppData\Local\Temp\a6ebbcad3f889b808223dee636cd576f_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a6ebbcad3f889b808223dee636cd576f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a6ebbcad3f889b808223dee636cd576f_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ringmynorth.biz | udp |
| US | 8.8.8.8:53 | allmodel-pro.com | udp |
| US | 8.8.8.8:53 | parentmodel.biz | udp |
| US | 8.8.8.8:53 | fullset.info | udp |
Files
memory/1792-2-0x00000000001B0000-0x00000000001B1000-memory.dmp
memory/1792-1-0x0000000000030000-0x0000000000031000-memory.dmp
memory/1792-0-0x0000000000020000-0x0000000000021000-memory.dmp
memory/1792-3-0x00000000001C0000-0x00000000001C1000-memory.dmp
memory/1792-4-0x00000000001D0000-0x00000000001F0000-memory.dmp
memory/1792-5-0x0000000000210000-0x000000000023F000-memory.dmp
memory/1792-9-0x00000000001D0000-0x00000000001F0000-memory.dmp
memory/1792-17-0x00000000001D0000-0x00000000001F0000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 22:36
Reported
2024-06-13 22:39
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
52s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\HiDef.job | C:\Users\Admin\AppData\Local\Temp\a6ebbcad3f889b808223dee636cd576f_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a6ebbcad3f889b808223dee636cd576f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a6ebbcad3f889b808223dee636cd576f_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ringmynorth.biz | udp |
| US | 8.8.8.8:53 | allmodel-pro.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | parentmodel.biz | udp |
| US | 8.8.8.8:53 | fullset.info | udp |
Files
memory/1784-2-0x0000000000400000-0x0000000000401000-memory.dmp
memory/1784-1-0x00000000003F0000-0x00000000003F1000-memory.dmp
memory/1784-3-0x0000000000540000-0x0000000000541000-memory.dmp
memory/1784-0-0x00000000003E0000-0x00000000003E1000-memory.dmp
memory/1784-4-0x0000000000550000-0x0000000000570000-memory.dmp
memory/1784-9-0x0000000000550000-0x0000000000570000-memory.dmp
memory/1784-5-0x0000000001950000-0x000000000197F000-memory.dmp
memory/1784-17-0x0000000000550000-0x0000000000570000-memory.dmp