Malware Analysis Report

2024-10-10 12:04

Sample ID 240613-r3v6wstanh
Target a614d2120ac455d8f080f2f283cbabdb_JaffaCakes118
SHA256 1375e32bed3281d2f1571483b53645deb8be48446cc54ff5e5d0041acb6d8d35
Tags
discovery
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

1375e32bed3281d2f1571483b53645deb8be48446cc54ff5e5d0041acb6d8d35

Threat Level: Shows suspicious behavior

The file a614d2120ac455d8f080f2f283cbabdb_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery

Checks installed software on the system

Drops file in Windows directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 14:43

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 14:43

Reported

2024-06-13 14:46

Platform

win7-20240508-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a614d2120ac455d8f080f2f283cbabdb_JaffaCakes118.exe"

Signatures

Checks installed software on the system

discovery

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\SecurityBoost.job C:\Users\Admin\AppData\Local\Temp\a614d2120ac455d8f080f2f283cbabdb_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a614d2120ac455d8f080f2f283cbabdb_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a614d2120ac455d8f080f2f283cbabdb_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 allallstate.com udp
US 8.8.8.8:53 allmodel-pro.com udp
US 8.8.8.8:53 digallstate.com udp
US 8.8.8.8:53 get-multiple.link udp

Files

memory/2132-2-0x0000000000170000-0x0000000000171000-memory.dmp

memory/2132-0-0x0000000000020000-0x0000000000021000-memory.dmp

memory/2132-1-0x0000000000030000-0x0000000000031000-memory.dmp

memory/2132-3-0x00000000001D0000-0x00000000001F0000-memory.dmp

memory/2132-4-0x0000000000180000-0x0000000000181000-memory.dmp

memory/2132-9-0x00000000001D0000-0x00000000001F0000-memory.dmp

memory/2132-5-0x0000000000220000-0x000000000024F000-memory.dmp

memory/2132-17-0x00000000001D0000-0x00000000001F0000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 14:43

Reported

2024-06-13 14:46

Platform

win10v2004-20240508-en

Max time kernel

52s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a614d2120ac455d8f080f2f283cbabdb_JaffaCakes118.exe"

Signatures

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\SecurityBoost.job C:\Users\Admin\AppData\Local\Temp\a614d2120ac455d8f080f2f283cbabdb_JaffaCakes118.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a614d2120ac455d8f080f2f283cbabdb_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a614d2120ac455d8f080f2f283cbabdb_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 allallstate.com udp
US 8.8.8.8:53 allmodel-pro.com udp
US 8.8.8.8:53 digallstate.com udp
US 8.8.8.8:53 get-multiple.link udp

Files

memory/3168-2-0x0000000000780000-0x0000000000781000-memory.dmp

memory/3168-1-0x0000000000770000-0x0000000000771000-memory.dmp

memory/3168-0-0x0000000000760000-0x0000000000761000-memory.dmp

memory/3168-3-0x0000000000790000-0x0000000000791000-memory.dmp

memory/3168-4-0x00000000007A0000-0x00000000007C0000-memory.dmp

memory/3168-9-0x00000000007A0000-0x00000000007C0000-memory.dmp

memory/3168-6-0x00000000043F0000-0x000000000441F000-memory.dmp

memory/3168-17-0x00000000007A0000-0x00000000007C0000-memory.dmp