Analysis Overview
SHA256
e1eee24c316fea187d47f1fe9c6eea7dcc121f2f239bf12c35abe6faa90645ca
Threat Level: Known bad
The file 05c12a2db7e2f37660e481e0bf0f957b_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Metasploit family
MetaSploit
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-23 08:46
Signatures
Metasploit family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-23 08:46
Reported
2024-06-23 08:49
Platform
win10v2004-20240611-en
Max time kernel
139s
Max time network
124s
Command Line
Signatures
MetaSploit
Processes
C:\Users\Admin\AppData\Local\Temp\05c12a2db7e2f37660e481e0bf0f957b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\05c12a2db7e2f37660e481e0bf0f957b_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 192.168.30.153:443 | tcp | |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
Files
memory/2364-0-0x0000000000670000-0x0000000000671000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-23 08:46
Reported
2024-06-23 08:49
Platform
win7-20240221-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
MetaSploit
Processes
C:\Users\Admin\AppData\Local\Temp\05c12a2db7e2f37660e481e0bf0f957b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\05c12a2db7e2f37660e481e0bf0f957b_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 192.168.30.153:443 | tcp |
Files
memory/1948-0-0x0000000000020000-0x0000000000021000-memory.dmp