Analysis Overview
SHA256
1375e32bed3281d2f1571483b53645deb8be48446cc54ff5e5d0041acb6d8d35
Threat Level: Shows suspicious behavior
The file a614d2120ac455d8f080f2f283cbabdb_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks installed software on the system
Drops file in Windows directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 14:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 14:43
Reported
2024-06-13 14:46
Platform
win7-20240508-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Checks installed software on the system
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\SecurityBoost.job | C:\Users\Admin\AppData\Local\Temp\a614d2120ac455d8f080f2f283cbabdb_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a614d2120ac455d8f080f2f283cbabdb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a614d2120ac455d8f080f2f283cbabdb_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | allallstate.com | udp |
| US | 8.8.8.8:53 | allmodel-pro.com | udp |
| US | 8.8.8.8:53 | digallstate.com | udp |
| US | 8.8.8.8:53 | get-multiple.link | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 14:43
Reported
2024-06-13 14:46
Platform
win10v2004-20240508-en
Max time kernel
52s
Max time network
51s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\SecurityBoost.job | C:\Users\Admin\AppData\Local\Temp\a614d2120ac455d8f080f2f283cbabdb_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a614d2120ac455d8f080f2f283cbabdb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a614d2120ac455d8f080f2f283cbabdb_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | allallstate.com | udp |
| US | 8.8.8.8:53 | allmodel-pro.com | udp |
| US | 8.8.8.8:53 | digallstate.com | udp |
| US | 8.8.8.8:53 | get-multiple.link | udp |
Files