Analysis Overview
SHA256
5c83829038032dfc81ba8c22bf705a28cd71f547f81a5f206a0d5d39aedad069
Threat Level: Suspicious (shows suspicious behavior)
The file a793bbb66911494e6eaca057feb8be56_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Checks installed software on the system
Maps connected drives based on registry
Unsigned PE
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-14 01:40
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 01:40
Reported
2024-06-14 01:42
Platform
win7-20240611-en
Max time kernel
120s
Max time network
124s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a793bbb66911494e6eaca057feb8be56_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a793bbb66911494e6eaca057feb8be56_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a793bbb66911494e6eaca057feb8be56_JaffaCakes118.exe | N/A |
Checks installed software on the system
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\a793bbb66911494e6eaca057feb8be56_JaffaCakes118.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\a793bbb66911494e6eaca057feb8be56_JaffaCakes118.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a793bbb66911494e6eaca057feb8be56_JaffaCakes118.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a793bbb66911494e6eaca057feb8be56_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a793bbb66911494e6eaca057feb8be56_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a793bbb66911494e6eaca057feb8be56_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | r1.getapplicationmy.info | udp |
| US | 8.8.8.8:53 | c1.downlloaddatamy.info | udp |
| US | 8.8.8.8:53 | c2.downlloaddatamy.info | udp |
| GB | 94.229.72.121:80 | r1.getapplicationmy.info | tcp |
| US | 8.8.8.8:53 | survey-smiles.com | udp |
| US | 199.59.243.226:80 | survey-smiles.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\Tsu2052AE82.dll
| MD5 | af7ce801c8471c5cd19b366333c153c4 |
| SHA1 | 4267749d020a362edbd25434ad65f98b073581f1 |
| SHA256 | cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e |
| SHA512 | 88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c |
\Users\Admin\AppData\Local\Temp\{25653D3E-F459-4C49-AEA2-BC7BFE861FC8}\_Setup.dll
| MD5 | b040c43d630d3740abefba186f46883b |
| SHA1 | c3c498b0cc6d34423780e8285cb3dc998ce1c4a3 |
| SHA256 | dd6dd4df86f215bea1c5b68cb7677dee75cda6cbbbf39ac040d67c992f6146df |
| SHA512 | a3e3305ce4925aee378b1a3ed3e58daa743990fe809ac1b3c90640a2fa53736133a8f16c6e8314b5f243ed1109d24e683142d45f1d502cf3714edd748b3c9f5c |
\Users\Admin\AppData\Local\Temp\{25653D3E-F459-4C49-AEA2-BC7BFE861FC8}\Custom.dll
| MD5 | 52ffb9f31fcf351bed204ed2fa781954 |
| SHA1 | 7acb17bc45cf6edc71726e59fb8a1d37eca51a55 |
| SHA256 | eb99eb74c3736102b174d6d7ff9afaa43bab8ad4bccfac53bb4dbb80392aa1d4 |
| SHA512 | 841c2683068522077d6f347c17d59815bf5f94015d6b539f6a3248c00bfb8a56360c2c7b3c8960dbda497e76fb88f8859bb5c1a7f80b24fe03dbf00db187f4b9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 01:40
Reported
2024-06-14 01:42
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
53s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a793bbb66911494e6eaca057feb8be56_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a793bbb66911494e6eaca057feb8be56_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a793bbb66911494e6eaca057feb8be56_JaffaCakes118.exe | N/A |
Checks installed software on the system
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\AppData\Local\Temp\a793bbb66911494e6eaca057feb8be56_JaffaCakes118.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum | C:\Users\Admin\AppData\Local\Temp\a793bbb66911494e6eaca057feb8be56_JaffaCakes118.exe | N/A |
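Both detonations show the sample opening and enumerating HKLM\SYSTEM\ControlSet001\Services\Disk\Enum. That key holds one value per disk the system has enumerated, and the value data is the PnP device-instance path, which embeds the disk's vendor and model string; on a virtual machine that string names the hypervisor, which is why this key is frequently read as a VM or sandbox check. The report does not show the data the sample read back, so intent cannot be confirmed from this page alone. The script below is an added example (not the sandbox's logic and not the sample's code) that parses such values the way an evasive check would; the sample values in it are constructed, and the optional live read is assumed to run on Windows via the standard winreg module.

```python
r"""Parse HKLM\SYSTEM\ControlSet001\Services\Disk\Enum values for hypervisor strings.

Added example; the two sample value sets are constructed, not taken from the report."""
import sys

# Substrings that commonly appear in the disk device paths of virtualised guests.
VM_MARKERS = ("VMWARE", "VBOX", "QEMU", "VIRTIO", "XEN", "VIRTUAL")

SAMPLE_VM = {          # constructed: a VMware guest with a single IDE disk
    "Count": 1, "NextInstance": 1,
    "0": r"IDE\DiskVMware_Virtual_IDE_Hard_Drive___________00000001\5&1d6d3b0&0&0.0.0",
}
SAMPLE_PHYSICAL = {    # constructed: a laptop with one NVMe SSD
    "Count": 1, "NextInstance": 1,
    "0": r"SCSI\Disk&Ven_NVMe&Prod_Samsung_SSD_970\4&2a8f7d3c&0&000000",
}


def parse_disk_enum(values):
    """Numeric value names ('0', '1', ...) are disk entries; Count/NextInstance are bookkeeping.
    Returns one dict per disk with the bus, the model segment and the full device path."""
    disks = []
    for name, data in values.items():
        if not name.isdigit():
            continue
        bus, _, rest = data.partition("\\")
        disks.append({"index": int(name), "bus": bus,
                      "model": rest.split("\\", 1)[0], "path": data})
    return sorted(disks, key=lambda d: d["index"])


def vm_markers(values):
    """Map disk index -> hypervisor strings found in its device path.
    An empty dict means nothing in the key gives the environment away."""
    hits = {}
    for d in parse_disk_enum(values):
        found = [m for m in VM_MARKERS if m in d["path"].upper()]
        if found:
            hits[d["index"]] = found
    return hits


def read_disk_enum(control_set="ControlSet001"):
    """Windows only: read the same key the sample opened; returns {} on other platforms.
    ControlSet001 is what the sample hard-codes, CurrentControlSet is the live alias."""
    if sys.platform != "win32":
        return {}
    import winreg
    key_path = "SYSTEM\\" + control_set + "\\Services\\Disk\\Enum"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        n_values = winreg.QueryInfoKey(key)[1]
        return dict(winreg.EnumValue(key, i)[:2] for i in range(n_values))


if __name__ == "__main__":
    for label, values in (("sample VM", SAMPLE_VM),
                          ("sample physical", SAMPLE_PHYSICAL),
                          ("this host", read_disk_enum())):
        print(label, "->", vm_markers(values) or "no hypervisor strings")
```

Running it on an analysis VM tells you what the sample would have seen; if the disk model string names the hypervisor, renaming the virtual disk (or using a VM that exposes a generic model string) removes this particular tell.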
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a793bbb66911494e6eaca057feb8be56_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a793bbb66911494e6eaca057feb8be56_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a793bbb66911494e6eaca057feb8be56_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a793bbb66911494e6eaca057feb8be56_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | r1.getapplicationmy.info | udp |
| US | 8.8.8.8:53 | c1.downlloaddatamy.info | udp |
| US | 8.8.8.8:53 | c2.downlloaddatamy.info | udp |
| US | 8.8.8.8:53 | r2.getapplicationmy.info | udp |
| US | 8.8.8.8:53 | c1.downlloaddatamy.info | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Tsu3F3B2914.dll
| MD5 | af7ce801c8471c5cd19b366333c153c4 |
| SHA1 | 4267749d020a362edbd25434ad65f98b073581f1 |
| SHA256 | cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e |
| SHA512 | 88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c |
C:\Users\Admin\AppData\Local\Temp\{D13836BE-922D-439F-A174-DA0F0ADB1448}\_Setup.dll
| MD5 | b040c43d630d3740abefba186f46883b |
| SHA1 | c3c498b0cc6d34423780e8285cb3dc998ce1c4a3 |
| SHA256 | dd6dd4df86f215bea1c5b68cb7677dee75cda6cbbbf39ac040d67c992f6146df |
| SHA512 | a3e3305ce4925aee378b1a3ed3e58daa743990fe809ac1b3c90640a2fa53736133a8f16c6e8314b5f243ed1109d24e683142d45f1d502cf3714edd748b3c9f5c |
C:\Users\Admin\AppData\Local\Temp\{D13836BE-922D-439F-A174-DA0F0ADB1448}\Custom.dll
| MD5 | 52ffb9f31fcf351bed204ed2fa781954 |
| SHA1 | 7acb17bc45cf6edc71726e59fb8a1d37eca51a55 |
| SHA256 | eb99eb74c3736102b174d6d7ff9afaa43bab8ad4bccfac53bb4dbb80392aa1d4 |
| SHA512 | 841c2683068522077d6f347c17d59815bf5f94015d6b539f6a3248c00bfb8a56360c2c7b3c8960dbda497e76fb88f8859bb5c1a7f80b24fe03dbf00db187f4b9 |
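The Network and Files sections of the two behavioral runs carry the indicators worth keeping, but they need consolidating: in behavioral1 only r1.getapplicationmy.info and survey-smiles.com were followed by a TCP connection, while c1/c2.downlloaddatamy.info were looked up and never contacted; in behavioral2 no connection followed any lookup. The dropped DLLs have the same hashes in both runs even though the Tsu<hex>.dll name and the GUID directory differ, so a hunt should key on the content hash, or on a path pattern with the random parts generalised, rather than on the literal path. The script below is an added example, not part of the report; the tables embedded in it are copied from the report above (SHA256 rows only for the files), and the parsing, grouping and pattern logic are ours.

```python
"""Consolidate the network and dropped-file indicators from both behavioral runs.

Added example.  NETWORK_* and FILES_* are copied from the report (SHA256 only);
everything else is our own helper code."""
import re
from collections import defaultdict

NETWORK_B1 = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | r1.getapplicationmy.info | udp |
| US | 8.8.8.8:53 | c1.downlloaddatamy.info | udp |
| US | 8.8.8.8:53 | c2.downlloaddatamy.info | udp |
| GB | 94.229.72.121:80 | r1.getapplicationmy.info | tcp |
| US | 8.8.8.8:53 | survey-smiles.com | udp |
| US | 199.59.243.226:80 | survey-smiles.com | tcp |
"""
NETWORK_B2 = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | r1.getapplicationmy.info | udp |
| US | 8.8.8.8:53 | c1.downlloaddatamy.info | udp |
| US | 8.8.8.8:53 | c2.downlloaddatamy.info | udp |
| US | 8.8.8.8:53 | r2.getapplicationmy.info | udp |
| US | 8.8.8.8:53 | c1.downlloaddatamy.info | udp |
"""
FILES_B1 = r"""
\Users\Admin\AppData\Local\Temp\Tsu2052AE82.dll
| SHA256 | cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e |
\Users\Admin\AppData\Local\Temp\{25653D3E-F459-4C49-AEA2-BC7BFE861FC8}\_Setup.dll
| SHA256 | dd6dd4df86f215bea1c5b68cb7677dee75cda6cbbbf39ac040d67c992f6146df |
\Users\Admin\AppData\Local\Temp\{25653D3E-F459-4C49-AEA2-BC7BFE861FC8}\Custom.dll
| SHA256 | eb99eb74c3736102b174d6d7ff9afaa43bab8ad4bccfac53bb4dbb80392aa1d4 |
"""
FILES_B2 = r"""
C:\Users\Admin\AppData\Local\Temp\Tsu3F3B2914.dll
| SHA256 | cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e |
C:\Users\Admin\AppData\Local\Temp\{D13836BE-922D-439F-A174-DA0F0ADB1448}\_Setup.dll
| SHA256 | dd6dd4df86f215bea1c5b68cb7677dee75cda6cbbbf39ac040d67c992f6146df |
C:\Users\Admin\AppData\Local\Temp\{D13836BE-922D-439F-A174-DA0F0ADB1448}\Custom.dll
| SHA256 | eb99eb74c3736102b174d6d7ff9afaa43bab8ad4bccfac53bb4dbb80392aa1d4 |
"""


def parse_pipe_table(text):
    """Header-first pipe table -> list of row dicts; tolerates a |---| separator row."""
    rows = [[c.strip() for c in ln.strip().strip("|").split("|")]
            for ln in text.splitlines() if ln.strip().startswith("|")]
    body = [r for r in rows[1:] if not set("".join(r)) <= set("-: ")]
    return [dict(zip(rows[0], r)) for r in body]


def network_summary(table_text):
    """Per domain: number of DNS lookups and the (ip, port) peers connected to afterwards.
    The report lists each TCP peer under the domain it was resolved from."""
    hosts = {}
    for row in parse_pipe_table(table_text):
        ip, _, port = row["Destination"].rpartition(":")
        h = hosts.setdefault(row["Domain"], {"lookups": 0, "connected_to": set()})
        if row["Proto"] == "udp" and port == "53":
            h["lookups"] += 1
        else:
            h["connected_to"].add((ip, int(port)))
    return hosts


def never_contacted(table_text):
    """Domains looked up but never connected to: either they did not resolve in the
    sandbox or the sample did not act on the answer.  Still worth blocking."""
    return sorted(d for d, h in network_summary(table_text).items() if not h["connected_to"])


def parse_files(text):
    """Files block: a path line followed by hash rows.  A leading drive letter is dropped
    so the two runs (one logged with C:, one without) compare equal."""
    files, cur = [], None
    for ln in (l.strip() for l in text.splitlines() if l.strip()):
        if ln.startswith("|"):
            algo, value = (c.strip() for c in ln.strip("|").split("|"))
            cur[algo.lower()] = value
        else:
            cur = {"path": re.sub(r"^[A-Za-z]:", "", ln)}
            files.append(cur)
    return files


def paths_by_sha256(*file_lists):
    """Group every observed path under its content hash across runs."""
    out = defaultdict(set)
    for files in file_lists:
        for f in files:
            out[f["sha256"]].add(f["path"])
    return dict(out)


# Per-run random parts of the dropped paths: a GUID directory and Tsu<8 hex>.dll.
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
TSU = re.compile(r"Tsu[0-9A-Fa-f]{8}\.dll")


def path_pattern(path):
    """Regex matching this path with the random parts generalised, for telemetry
    that logs paths but not hashes."""
    hits = sorted(list(GUID.finditer(path)) + list(TSU.finditer(path)), key=lambda m: m.start())
    out, pos = [], 0
    for m in hits:
        out.append(re.escape(path[pos:m.start()]))
        out.append(m.re.pattern)
        pos = m.end()
    out.append(re.escape(path[pos:]))
    return "^" + "".join(out) + "$"


def same_drop_site(path_a, path_b):
    """True when path_b is the same drop location as path_a modulo the random parts."""
    return re.match(path_pattern(path_a), path_b) is not None


if __name__ == "__main__":
    for name, net in (("behavioral1", NETWORK_B1), ("behavioral2", NETWORK_B2)):
        print(name, "queried but never contacted:", never_contacted(net))
    for sha, paths in paths_by_sha256(parse_files(FILES_B1), parse_files(FILES_B2)).items():
        print(sha[:16], sorted(paths))
    print(path_pattern(parse_files(FILES_B1)[0]["path"]))
```

The output shows three distinct SHA256 values for six observed paths, which is the basis for the hash-keyed hunt, and the generated patterns cover the Tsu<hex>.dll and GUID-directory variants that a literal path match would miss.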