Analysis Overview
SHA256
449e8c0dbb25b3b4c393f4e3f761ba0c9b05e63f00e27fc65b406703bd1c4346
Threat Level: Shows suspicious behavior
The file a3f02b28e723d18556396300ec0db7d3_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Checks installed software on the system
Maps connected drives based on registry
Unsigned PE
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 05:14
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 05:14
Reported
2024-06-13 05:16
Platform
win7-20240611-en
Max time kernel
122s
Max time network
127s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a3f02b28e723d18556396300ec0db7d3_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a3f02b28e723d18556396300ec0db7d3_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a3f02b28e723d18556396300ec0db7d3_JaffaCakes118.exe | N/A |
Checks installed software on the system
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\a3f02b28e723d18556396300ec0db7d3_JaffaCakes118.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\a3f02b28e723d18556396300ec0db7d3_JaffaCakes118.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a3f02b28e723d18556396300ec0db7d3_JaffaCakes118.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a3f02b28e723d18556396300ec0db7d3_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a3f02b28e723d18556396300ec0db7d3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a3f02b28e723d18556396300ec0db7d3_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | c1.getapplicationmy.info | udp |
| US | 8.8.8.8:53 | r1.getapplicationmy.info | udp |
| GB | 94.229.72.123:80 | c1.getapplicationmy.info | tcp |
| US | 207.244.76.131:80 | r1.getapplicationmy.info | tcp |
| US | 8.8.8.8:53 | c2.getapplicationmy.info | udp |
| US | 207.244.76.131:80 | c2.getapplicationmy.info | tcp |
| US | 8.8.8.8:53 | r2.getapplicationmy.info | udp |
| GB | 94.229.72.123:80 | r2.getapplicationmy.info | tcp |
| GB | 94.229.72.123:80 | r2.getapplicationmy.info | tcp |
| US | 207.244.76.131:80 | c2.getapplicationmy.info | tcp |
| GB | 94.229.72.123:80 | r2.getapplicationmy.info | tcp |
| US | 207.244.76.131:80 | c2.getapplicationmy.info | tcp |
Files
\Users\Admin\AppData\Local\Temp\Tsu7F198CCA.dll
| MD5 | af7ce801c8471c5cd19b366333c153c4 |
| SHA1 | 4267749d020a362edbd25434ad65f98b073581f1 |
| SHA256 | cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e |
| SHA512 | 88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c |
\Users\Admin\AppData\Local\Temp\{C2D2F786-50CD-4F6C-AD87-18EF1931D570}\_Setup.dll
| MD5 | a475792794328d8a503568cbe38e8531 |
| SHA1 | 47e5c4857f272898ed515e939f92cb9243b2ce2e |
| SHA256 | 2cd6c67a711059c2245615d80ee0e7d44a003b66d5577513b1dfb1bd7f1e7312 |
| SHA512 | 3ea14ace569233dd69e730b4dfae4f1292d2e950aa26aceeae78715d0831ff6919d1bbf7c70ec256dd8a5db7f2d09ea4f29a564c125b54fdf8c7de2c78631184 |
\Users\Admin\AppData\Local\Temp\{C2D2F786-50CD-4F6C-AD87-18EF1931D570}\Custom.dll
| MD5 | 736682c6d96bb1edc84e77041faae33d |
| SHA1 | f8f6e20cd2aa23010b85ea289c3bc3cbdbc9ae26 |
| SHA256 | 54346f2e36bdb512ef4f7d702f18e59a746f0b936786bc76a30e87de0a061f17 |
| SHA512 | fe24353f0f4acafbde7d8cec7a5078668f5e6cd0b06c3e0c96cb3fed0beb3c8af2becb1d97fcbb369ac38193827c8d8a440694c79b5da3180224377e38f53777 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 05:14
Reported
2024-06-13 05:16
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a3f02b28e723d18556396300ec0db7d3_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a3f02b28e723d18556396300ec0db7d3_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a3f02b28e723d18556396300ec0db7d3_JaffaCakes118.exe | N/A |
Checks installed software on the system
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\a3f02b28e723d18556396300ec0db7d3_JaffaCakes118.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Users\Admin\AppData\Local\Temp\a3f02b28e723d18556396300ec0db7d3_JaffaCakes118.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a3f02b28e723d18556396300ec0db7d3_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a3f02b28e723d18556396300ec0db7d3_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a3f02b28e723d18556396300ec0db7d3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a3f02b28e723d18556396300ec0db7d3_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | r1.getapplicationmy.info | udp |
| US | 8.8.8.8:53 | c1.getapplicationmy.info | udp |
| GB | 94.229.72.123:80 | r1.getapplicationmy.info | tcp |
| US | 207.244.76.131:80 | c1.getapplicationmy.info | tcp |
| US | 8.8.8.8:53 | r2.getapplicationmy.info | udp |
| GB | 94.229.72.123:80 | r2.getapplicationmy.info | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 123.72.229.94.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | c2.getapplicationmy.info | udp |
| US | 207.244.76.131:80 | c2.getapplicationmy.info | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.76.244.207.in-addr.arpa | udp |
| US | 207.244.76.131:80 | c2.getapplicationmy.info | tcp |
| US | 207.244.76.131:80 | c2.getapplicationmy.info | tcp |
| US | 207.244.76.131:80 | c2.getapplicationmy.info | tcp |
| US | 207.244.76.131:80 | c2.getapplicationmy.info | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Tsu7B97F25D.dll
| MD5 | af7ce801c8471c5cd19b366333c153c4 |
| SHA1 | 4267749d020a362edbd25434ad65f98b073581f1 |
| SHA256 | cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e |
| SHA512 | 88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c |
C:\Users\Admin\AppData\Local\Temp\{2C34E789-9D33-48D0-AA3B-D511F7D7C57F}\_Setup.dll
| MD5 | a475792794328d8a503568cbe38e8531 |
| SHA1 | 47e5c4857f272898ed515e939f92cb9243b2ce2e |
| SHA256 | 2cd6c67a711059c2245615d80ee0e7d44a003b66d5577513b1dfb1bd7f1e7312 |
| SHA512 | 3ea14ace569233dd69e730b4dfae4f1292d2e950aa26aceeae78715d0831ff6919d1bbf7c70ec256dd8a5db7f2d09ea4f29a564c125b54fdf8c7de2c78631184 |
C:\Users\Admin\AppData\Local\Temp\{2C34E789-9D33-48D0-AA3B-D511F7D7C57F}\Custom.dll
| MD5 | 736682c6d96bb1edc84e77041faae33d |
| SHA1 | f8f6e20cd2aa23010b85ea289c3bc3cbdbc9ae26 |
| SHA256 | 54346f2e36bdb512ef4f7d702f18e59a746f0b936786bc76a30e87de0a061f17 |
| SHA512 | fe24353f0f4acafbde7d8cec7a5078668f5e6cd0b06c3e0c96cb3fed0beb3c8af2becb1d97fcbb369ac38193827c8d8a440694c79b5da3180224377e38f53777 |