Malware Analysis Report

2025-01-18 00:58

Sample ID 240613-lcnfgawgnp
Target a4d4c61ebcee98d1913665dcfb6a52ae_JaffaCakes118
SHA256 10a6ccd07faf1a68e3626db66fb496519d5481c729253460a9a7ffd6642612ac
score
7/10

Analysis Overview

score
7/10

SHA256

10a6ccd07faf1a68e3626db66fb496519d5481c729253460a9a7ffd6642612ac

Threat Level: Shows suspicious behavior

The file a4d4c61ebcee98d1913665dcfb6a52ae_JaffaCakes118 was classified as showing suspicious behavior.

Malicious Activity Summary

Loads dropped DLL

Unsigned PE

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:23

Signatures

Unsigned PE

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:23

Reported

2024-06-13 09:25

Platform

win7-20240611-en

Max time kernel

118s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a4d4c61ebcee98d1913665dcfb6a52ae_JaffaCakes118.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\a4d4c61ebcee98d1913665dcfb6a52ae_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a4d4c61ebcee98d1913665dcfb6a52ae_JaffaCakes118.exe"

Network

Country  Destination  Domain              Proto
US       8.8.8.8:53   r1.reportbox3.info  udp
US       8.8.8.8:53   c1.reportbox3.info  udp
US       8.8.8.8:53   c2.reportbox3.info  udp
US       8.8.8.8:53   r2.reportbox3.info  udp

Files

\Users\Admin\AppData\Local\Temp\TsuA93A2144.dll

MD5 af7ce801c8471c5cd19b366333c153c4
SHA1 4267749d020a362edbd25434ad65f98b073581f1
SHA256 cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e
SHA512 88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

\Users\Admin\AppData\Local\Temp\{C0D992CE-AAD1-4B0D-A9E6-E2F31B3AB038}\_Setup.dll

MD5 f16ac5e1a96d31a997a6e4c8f1adae0c
SHA1 c8b035cc4cc66172538dfdd115d1804afef357c9
SHA256 044a8ac9085c3f5524817d8dbd0ade4d43b9ab72978e15e61fdf8b00b68f69cc
SHA512 35b2259c77e4e5c96657446b402cf1075dfd2e9c2d80029cc26ce796c8beb27a403917bbdef98760409ec0ea2afbbf853642638b0ea31e0166c1d29b6e4206e5

\Users\Admin\AppData\Local\Temp\{C0D992CE-AAD1-4B0D-A9E6-E2F31B3AB038}\Custom.dll

MD5 0f44d43090e1e6784224ff618ce709ff
SHA1 1dd769d04e61e44ad3caf3aa28eb39b466477b34
SHA256 93089adb588d7fd316e2d0ee6cb0b06bc92a314f5c90000f9515c87d635d2221
SHA512 0eb3115652bc25bf981ad7edda4cb006fed41b080ea50b63011ccf0c13ebfe4a076af3dfc72caeb8f33f38e96ed92308c0ba367dc17db08ee46ea7c4b5c0207c

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:23

Reported

2024-06-13 09:25

Platform

win10v2004-20240508-en

Max time kernel

143s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a4d4c61ebcee98d1913665dcfb6a52ae_JaffaCakes118.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\a4d4c61ebcee98d1913665dcfb6a52ae_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a4d4c61ebcee98d1913665dcfb6a52ae_JaffaCakes118.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4404,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=4256 /prefetch:8

Network

Country  Destination  Domain                Proto
US       8.8.8.8:53   8.8.8.8.in-addr.arpa  udp
US       8.8.8.8:53   r1.reportbox3.info    udp
US       8.8.8.8:53   c1.reportbox3.info    udp
US       8.8.8.8:53   r2.reportbox3.info    udp
US       8.8.8.8:53   c2.reportbox3.info    udp
US       8.8.8.8:53   c1.reportbox3.info    udp

Files

C:\Users\Admin\AppData\Local\Temp\TsuA888F33D.dll

MD5 af7ce801c8471c5cd19b366333c153c4
SHA1 4267749d020a362edbd25434ad65f98b073581f1
SHA256 cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e
SHA512 88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

C:\Users\Admin\AppData\Local\Temp\{FFD097D5-4696-476F-A584-0EB42433B523}\_Setup.dll

MD5 f16ac5e1a96d31a997a6e4c8f1adae0c
SHA1 c8b035cc4cc66172538dfdd115d1804afef357c9
SHA256 044a8ac9085c3f5524817d8dbd0ade4d43b9ab72978e15e61fdf8b00b68f69cc
SHA512 35b2259c77e4e5c96657446b402cf1075dfd2e9c2d80029cc26ce796c8beb27a403917bbdef98760409ec0ea2afbbf853642638b0ea31e0166c1d29b6e4206e5

C:\Users\Admin\AppData\Local\Temp\{FFD097D5-4696-476F-A584-0EB42433B523}\Custom.dll

MD5 0f44d43090e1e6784224ff618ce709ff
SHA1 1dd769d04e61e44ad3caf3aa28eb39b466477b34
SHA256 93089adb588d7fd316e2d0ee6cb0b06bc92a314f5c90000f9515c87d635d2221
SHA512 0eb3115652bc25bf981ad7edda4cb006fed41b080ea50b63011ccf0c13ebfe4a076af3dfc72caeb8f33f38e96ed92308c0ba367dc17db08ee46ea7c4b5c0207c