Analysis Overview
SHA256
10a9b395f1007751129b98a364e41097b4759865c17baa70d7cd1a8645967011
Threat Level: Shows suspicious behavior
The file a5b2d140f899092e456b127681ffb1ca_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Checks installed software on the system
Maps connected drives based on registry
Unsigned PE
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:08
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:08
Reported
2024-06-13 13:10
Platform
win7-20240508-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe | N/A |
Checks installed software on the system
Maps connected drives based on registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | r1.getapplicationmy.info | udp |
| US | 8.8.8.8:53 | c1.getapplicationmy.info | udp |
| US | 8.8.8.8:53 | r2.getapplicationmy.info | udp |
| US | 8.8.8.8:53 | c2.getapplicationmy.info | udp |
| US | 8.8.8.8:53 | c1.getapplicationmy.info | udp |
| US | 8.8.8.8:53 | c2.getapplicationmy.info | udp |
| US | 8.8.8.8:53 | c1.getapplicationmy.info | udp |
| US | 8.8.8.8:53 | c2.getapplicationmy.info | udp |
Files
\Users\Admin\AppData\Local\Temp\Tsu3489592C.dll
| Hash | Value |
|---|---|
| MD5 | af7ce801c8471c5cd19b366333c153c4 |
| SHA1 | 4267749d020a362edbd25434ad65f98b073581f1 |
| SHA256 | cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e |
| SHA512 | 88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c |
\Users\Admin\AppData\Local\Temp\{00AC47AC-EB31-4F21-ADCA-A313DB4F655A}\_Setup.dll
| Hash | Value |
|---|---|
| MD5 | e991f79040937530c20ae0db2f74e4db |
| SHA1 | 6be9fe304687ac1c9ae4feae500eb7f683c27e86 |
| SHA256 | ade2b71ba0f45678470346f25803d1822ab7cf072b122b91f0a8feead799c87e |
| SHA512 | fd069a1658006a4f0ada522bfe93a9a30f3ff058b54803556c8e6d0b3d1d3944072e2c2a5d0c5342986fc8af955abec3d974bea0a944e69e2c3e682954283790 |
\Users\Admin\AppData\Local\Temp\{00AC47AC-EB31-4F21-ADCA-A313DB4F655A}\Custom.dll
| Hash | Value |
|---|---|
| MD5 | 0842e2723fff1f80955c9dbd38019c75 |
| SHA1 | bea88c3fe74817b048951bd218e70d9dead617d9 |
| SHA256 | d71cea96d49b48f8702337d01681b2f144aca8acb56a699b9599106c11cc7458 |
| SHA512 | 28acff8e01224291aa67f57b2d514db84a79fc2cf7ed28ed2e2cecbdf070fb3b1cf52e295a9412641422338f78d86fc6ea21d835a8de21565a8f53d24c604b02 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:08
Reported
2024-06-13 13:11
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
58s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe | N/A |
Checks installed software on the system
Maps connected drives based on registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a5b2d140f899092e456b127681ffb1ca_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | c1.getapplicationmy.info | udp |
| US | 8.8.8.8:53 | r1.getapplicationmy.info | udp |
| US | 8.8.8.8:53 | c2.getapplicationmy.info | udp |
| US | 8.8.8.8:53 | r2.getapplicationmy.info | udp |
| US | 8.8.8.8:53 | c1.getapplicationmy.info | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Tsu391C6757.dll
| Hash | Value |
|---|---|
| MD5 | af7ce801c8471c5cd19b366333c153c4 |
| SHA1 | 4267749d020a362edbd25434ad65f98b073581f1 |
| SHA256 | cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e |
| SHA512 | 88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c |
C:\Users\Admin\AppData\Local\Temp\{B72D7F36-83CB-4D3E-AFD5-CBE96CCE5DC0}\_Setup.dll
| Hash | Value |
|---|---|
| MD5 | e991f79040937530c20ae0db2f74e4db |
| SHA1 | 6be9fe304687ac1c9ae4feae500eb7f683c27e86 |
| SHA256 | ade2b71ba0f45678470346f25803d1822ab7cf072b122b91f0a8feead799c87e |
| SHA512 | fd069a1658006a4f0ada522bfe93a9a30f3ff058b54803556c8e6d0b3d1d3944072e2c2a5d0c5342986fc8af955abec3d974bea0a944e69e2c3e682954283790 |
C:\Users\Admin\AppData\Local\Temp\{B72D7F36-83CB-4D3E-AFD5-CBE96CCE5DC0}\Custom.dll
| Hash | Value |
|---|---|
| MD5 | 0842e2723fff1f80955c9dbd38019c75 |
| SHA1 | bea88c3fe74817b048951bd218e70d9dead617d9 |
| SHA256 | d71cea96d49b48f8702337d01681b2f144aca8acb56a699b9599106c11cc7458 |
| SHA512 | 28acff8e01224291aa67f57b2d514db84a79fc2cf7ed28ed2e2cecbdf070fb3b1cf52e295a9412641422338f78d86fc6ea21d835a8de21565a8f53d24c604b02 |