Malware Analysis Report

2025-01-22 12:59

Sample ID: 240626-mv6v7s1dmf
Target: 11bc744801b516d0b84fba5850ec8789_JaffaCakes118
SHA256: decfaa83bf2eb9afe57a09da2d3142512a543708214608fdd19bdb7e17051a7c
Tags: vmprotect, bootkit, persistence
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 7/10

SHA256: decfaa83bf2eb9afe57a09da2d3142512a543708214608fdd19bdb7e17051a7c

Threat Level: Shows suspicious behavior

The file 11bc744801b516d0b84fba5850ec8789_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Tags: vmprotect, bootkit, persistence

Unexpected DNS network traffic destination

VMProtect packed file

Writes to the Master Boot Record (MBR)

Unsigned PE

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-26 10:48

Signatures

VMProtect packed file

Tags: vmprotect

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-26 10:48
Reported: 2024-06-26 10:50
Platform: win7-20240419-en
Max time kernel: 134s
Max time network: 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\11bc744801b516d0b84fba5850ec8789_JaffaCakes118.exe"

Signatures

Unexpected DNS network traffic destination

Description | Indicator | Process | Target
Destination IP | 199.249.18.1 | N/A | N/A
Destination IP | 208.247.100.30 | N/A | N/A
Destination IP | 129.253.170.2 | N/A | N/A
Destination IP | 192.146.1.42 | N/A | N/A
Destination IP | 199.230.128.23 | N/A | N/A
Destination IP | 198.89.159.240 | N/A | N/A
Destination IP | 216.52.161.1 | N/A | N/A
Destination IP | 131.151.1.7 | N/A | N/A
Destination IP | 198.180.132.26 | N/A | N/A
Destination IP | 64.102.255.44 | N/A | N/A
Destination IP | 216.107.140.4 | N/A | N/A

VMProtect packed file

Tags: vmprotect

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A (3 identical entries)

Writes to the Master Boot Record (MBR)

Tags: bootkit, persistence

Description | Indicator | Process | Target
File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\11bc744801b516d0b84fba5850ec8789_JaffaCakes118.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\11bc744801b516d0b84fba5850ec8789_JaffaCakes118.exe | N/A (64 identical entries)

Processes

C:\Users\Admin\AppData\Local\Temp\11bc744801b516d0b84fba5850ec8789_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\11bc744801b516d0b84fba5850ec8789_JaffaCakes118.exe"

Network

Country | Destination | Domain | Proto
US | 207.97.249.212:443 | | tcp
US | 65.160.234.93:443 | | tcp
US | 209.34.241.68:443 | | tcp
US | 160.129.50.189:443 | | tcp
US | 209.34.241.68:443 | | tcp
CN | 219.143.245.186:443 | | tcp
US | 63.245.209.72:443 | | tcp
SI | 212.103.159.13:443 | | tcp
US | 74.125.19.48:443 | | tcp
US | 66.45.71.42:443 | | tcp
US | 207.105.75.196:443 | | tcp
US | 167.102.245.61:443 | | tcp
GB | 212.140.245.12:443 | | tcp
US | 199.67.185.130:443 | | tcp
US | 74.125.19.48:443 | | tcp
US | 205.188.99.125:443 | | tcp
UA | 91.192.128.34:443 | | tcp
US | 192.88.209.56:443 | | tcp
US | 208.43.120.235:443 | | tcp
JP | 210.171.0.140:443 | | tcp
US | 205.130.212.1:443 | | tcp
US | 157.150.195.69:443 | | tcp
US | 64.236.108.247:443 | | tcp
US | 204.65.38.32:443 | | tcp
US | 63.245.209.31:443 | | tcp
CN | 219.142.79.192:443 | | tcp
RU | 81.177.31.150:443 | | tcp
CN | 159.226.244.14:443 | | tcp
US | 128.123.18.17:443 | | tcp
US | 131.107.115.156:443 | | tcp
DE | 80.83.114.72:443 | | tcp
TW | 210.59.144.3:443 | | tcp
US | 128.101.65.204:443 | | tcp
US | 131.107.115.156:443 | | tcp
US | 204.65.38.32:443 | | tcp
IN | 203.27.235.60:443 | | tcp
US | 198.180.132.26:53 | bunq.fyrezbav.armstrongteasdale.info | udp
US | 199.249.18.1:53 | bunq.fyrezbav.thoumann.info | udp
US | 198.89.159.240:53 | sendspace.com | udp
US | 208.247.100.30:53 | nmjv.bduaxqtb.medicare.info | udp
US | 192.146.1.42:53 | nmjv.bduaxqtb.rcraou44.info | udp
US | 131.151.1.7:53 | blogger.com | udp
US | 216.107.140.4:53 | lbbu.bwbvavcc.chevron.info | udp
US | 64.102.255.44:53 | lbbu.bwbvavcc.urnccsh.info | udp
US | 216.52.161.1:53 | demonoid.com | udp
US | 199.230.128.23:53 | habo.tuqxxzfa.fmc.info | udp
US | 129.253.170.2:53 | habo.tuqxxzfa.xmhs.info | udp
CA | 216.13.113.51:443 | | tcp
US | 140.247.35.75:443 | | tcp
US | 209.85.171.115:443 | | tcp
CN | 202.99.22.24:443 | | tcp
US | 209.51.169.94:443 | | tcp
TW | 210.71.212.9:443 | | tcp
US | 170.135.216.32:443 | | tcp
LU | 158.64.90.9:443 | | tcp
CA | 216.13.113.51:443 | | tcp
US | 128.6.76.208:443 | | tcp
US | 207.105.75.196:443 | | tcp
US | 167.102.245.62:443 | | tcp
US | 8.8.8.8:53 | www.google.com | udp
US | 66.218.82.68:443 | | tcp
DE | 88.198.124.202:443 | | tcp
CN | 61.233.14.206:443 | | tcp
US | 12.153.224.80:443 | | tcp
GB | 213.123.26.22:443 | | tcp
IN | 203.27.235.60:443 | | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
IN | 203.27.235.60:443 | | tcp
N/A | 127.0.0.1:9666 | | tcp
N/A | 127.0.0.1:9666 | | tcp
DE | 88.198.124.202:443 | | tcp
IN | 203.27.235.60:443 | | tcp
IN | 203.27.235.60:443 | | tcp
US | 12.153.224.80:443 | | tcp
N/A | 127.0.0.1:9666 | | tcp
N/A | 127.0.0.1:9666 | | tcp
N/A | 127.0.0.1:9666 | | tcp
N/A | 127.0.0.1:9666 | | tcp
N/A | 127.0.0.1:9666 | | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
US | 209.85.171.115:443 | | tcp
US | 66.45.71.91:443 | | tcp
US | 170.135.216.62:443 | | tcp
US | 206.200.251.109:443 | | tcp
US | 199.67.185.130:443 | | tcp
CA | 192.228.29.9:443 | | tcp
US | 204.16.104.198:443 | | tcp
US | 165.189.61.247:443 | | tcp
US | 207.97.249.212:443 | | tcp
US | 66.45.71.42:443 | | tcp
RU | 81.177.31.150:443 | | tcp
US | 167.102.245.61:443 | | tcp
GB | 213.123.26.22:443 | | tcp
US | 66.218.82.68:443 | | tcp
IN | 203.27.235.60:443 | | tcp
CN | 61.233.14.206:443 | | tcp
US | 12.153.224.80:443 | | tcp
US | 8.8.8.8:53 | docs.google.com | udp
DE | 88.198.124.202:443 | | tcp
GB | 142.250.187.206:443 | docs.google.com | tcp
US | 12.153.224.80:443 | | tcp
IN | 203.27.235.60:443 | | tcp
N/A | 127.0.0.1:9666 | | tcp
DE | 88.198.124.202:443 | | tcp
IN | 203.27.235.60:443 | | tcp
IN | 203.27.235.60:443 | | tcp
US | 66.218.82.68:443 | | tcp
GB | 213.123.26.22:443 | | tcp
CN | 61.233.14.206:443 | | tcp
US | 130.191.143.18:443 | | tcp
US | 208.236.105.4:443 | | tcp
US | 192.86.252.227:443 | | tcp
DK | 193.88.6.14:443 | | tcp
CN | 58.251.63.182:443 | | tcp
US | 216.226.191.109:443 | | tcp
US | 207.188.24.140:443 | | tcp
US | 216.236.237.6:443 | | tcp
US | 63.245.209.10:443 | | tcp
US | 64.209.235.176:443 | | tcp
DE | 80.83.114.72:443 | | tcp
GR | 195.134.100.120:443 | | tcp
US | 24.6.170.102:443 | | tcp
US | 165.112.6.76:443 | | tcp
US | 24.118.80.73:443 | | tcp
US | 167.21.84.13:443 | | tcp
US | 68.197.191.197:443 | | tcp
US | 167.181.31.85:443 | | tcp
KR | 61.76.129.198:443 | | tcp
US | 158.96.54.7:443 | | tcp
KR | 59.21.199.50:443 | | tcp
CN | 159.226.244.14:443 | | tcp
KR | 58.225.23.143:443 | | tcp
US | 208.43.120.235:443 | | tcp
US | 24.6.170.102:443 | | tcp
KR | 58.225.23.143:443 | | tcp
KR | 58.225.23.143:443 | | tcp
US | 66.218.82.68:443 | | tcp
GB | 213.123.26.22:443 | | tcp
CN | 61.233.14.206:443 | | tcp
N/A | 127.0.0.1:9666 | | tcp
US | 66.0.115.164:443 | | tcp
BE | 193.41.233.200:443 | | tcp
US | 170.135.216.62:443 | | tcp
GB | 212.140.245.12:443 | | tcp
US | 192.86.252.227:443 | | tcp
US | 128.6.76.208:443 | | tcp
GB | 212.140.245.12:443 | | tcp
US | 65.182.181.181:443 | | tcp
GB | 212.140.245.12:443 | | tcp
US | 165.189.61.247:443 | | tcp
US | 204.16.104.198:443 | | tcp
SG | 202.161.41.239:443 | | tcp
CA | 216.13.113.51:443 | | tcp
US | 64.209.235.176:443 | | tcp
US | 209.34.241.68:443 | | tcp
US | 161.226.4.114:443 | | tcp
US | 192.86.252.227:443 | | tcp
US | 209.234.66.215:443 | | tcp
US | 209.85.171.115:443 | | tcp
US | 158.229.251.10:443 | | tcp
US | 159.53.64.54:443 | | tcp
US | 168.215.152.65:443 | | tcp
US | 12.153.224.80:443 | | tcp
US | 165.112.6.76:443 | | tcp
N/A | 127.0.0.1:9666 | | tcp

Files

memory/1996-0-0x0000000000400000-0x00000000004E2000-memory.dmp

memory/1996-1-0x0000000000400000-0x00000000004E2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab7023.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar7110.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

memory/1996-33-0x0000000000400000-0x00000000004E2000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 372d611631a12050a15bf4908675c879
SHA1 e3a8ae5a22de22ff6cfc8489fab2fa144735ddec
SHA256 36cbaea4f31825f30daecd90a178b56d76d5c12256ce3a3e00730fa8932b2a96
SHA512 ab7d33ced93f80a0bb2dd679fdae03f2f2eea5a3286745a0f1a519a80734cdb8118c92847a03a3aef9ca98ef5f31fbb5e9f53df8b8ebe59a957d7bd714381b63

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-26 10:48
Reported: 2024-06-26 10:50
Platform: win10v2004-20240611-en
Max time kernel: 135s
Max time network: 140s

Command Line

"C:\Users\Admin\AppData\Local\Temp\11bc744801b516d0b84fba5850ec8789_JaffaCakes118.exe"

Signatures

Unexpected DNS network traffic destination

Description | Indicator | Process | Target
Destination IP | 199.249.18.1 | N/A | N/A
Destination IP | 161.150.197.252 | N/A | N/A
Destination IP | 192.128.167.77 | N/A | N/A
Destination IP | 128.253.180.2 | N/A | N/A
Destination IP | 216.52.97.33 | N/A | N/A
Destination IP | 161.150.129.252 | N/A | N/A
Destination IP | 192.35.82.50 | N/A | N/A
Destination IP | 130.160.4.114 | N/A | N/A
Destination IP | 208.255.120.35 | N/A | N/A
Destination IP | 165.254.12.151 | N/A | N/A
Destination IP | 209.154.198.86 | N/A | N/A

VMProtect packed file

Tags: vmprotect

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A (3 identical entries)

Writes to the Master Boot Record (MBR)

Tags: bootkit, persistence

Description | Indicator | Process | Target
File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\11bc744801b516d0b84fba5850ec8789_JaffaCakes118.exe | N/A

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\11bc744801b516d0b84fba5850ec8789_JaffaCakes118.exe | N/A (64 identical entries)

Processes

C:\Users\Admin\AppData\Local\Temp\11bc744801b516d0b84fba5850ec8789_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\11bc744801b516d0b84fba5850ec8789_JaffaCakes118.exe"

Network

Country | Destination | Domain | Proto
US | 209.85.171.115:443 | | tcp
US | 149.168.111.6:443 | | tcp
JP | 59.106.108.86:443 | | tcp
US | 167.21.84.13:443 | | tcp
US | 205.130.212.1:443 | | tcp
CN | 202.152.186.68:443 | | tcp
NL | 85.17.138.4:443 | | tcp
US | 192.189.112.158:443 | | tcp
US | 164.154.226.26:443 | | tcp
US | 167.21.84.22:443 | | tcp
US | 74.125.19.112:443 | | tcp
US | 199.67.185.130:443 | | tcp
US | 170.135.216.62:443 | | tcp
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 216.52.97.33:53 | ebcm.axczvrwx.dlapiper.info | udp
US | 130.160.4.114:53 | ebcm.axczvrwx.secrch.info | udp
US | 208.255.120.35:53 | 6rbtop.com | udp
US | 161.150.197.252:53 | xrrz.ywyvabfs.lawyers.info | udp
US | 209.154.198.86:53 | xrrz.ywyvabfs.zczo.info | udp
US | 192.35.82.50:53 | deviantart.com | udp
US | 161.150.129.252:53 | wjyh.zyrxcwsw.disney.info | udp
US | 165.254.12.151:53 | wjyh.zyrxcwsw.ssch4f.info | udp
US | 128.253.180.2:53 | badongo.com | udp
US | 199.249.18.1:53 | zctb.xwadsvts.dupont.info | udp
US | 192.128.167.77:53 | zctb.xwadsvts.regnun.info | udp
N/A | 127.0.0.1:9666 | | tcp
N/A | 127.0.0.1:9666 | | tcp
N/A | 224.0.0.251:5353 | | udp
US | 8.8.8.8:53 | 6.111.168.149.in-addr.arpa | udp
US | 8.8.8.8:53 | 13.84.21.167.in-addr.arpa | udp
US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 158.112.189.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 33.97.52.216.in-addr.arpa | udp
US | 8.8.8.8:53 | 114.4.160.130.in-addr.arpa | udp
US | 8.8.8.8:53 | 252.197.150.161.in-addr.arpa | udp
US | 8.8.8.8:53 | 35.120.255.208.in-addr.arpa | udp
US | 8.8.8.8:53 | 50.82.35.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 86.198.154.209.in-addr.arpa | udp
US | 8.8.8.8:53 | 151.12.254.165.in-addr.arpa | udp
US | 8.8.8.8:53 | 252.129.150.161.in-addr.arpa | udp
US | 8.8.8.8:53 | 2.180.253.128.in-addr.arpa | udp
US | 8.8.8.8:53 | 1.18.249.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 77.167.128.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp
N/A | 127.0.0.1:9666 | | tcp
US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp
N/A | 127.0.0.1:9666 | | tcp
US | 205.130.212.1:443 | | tcp
SI | 212.103.159.13:443 | | tcp
US | 208.43.120.235:443 | | tcp
CN | 221.231.141.46:443 | | tcp
US | 64.34.180.105:443 | | tcp
US | 64.236.108.247:443 | | tcp
MY | 202.162.28.23:443 | | tcp
US | 137.187.67.134:443 | | tcp
US | 199.67.185.130:443 | | tcp
US | 168.166.73.14:443 | | tcp
US | 209.85.171.115:443 | | tcp
JP | 59.106.108.86:443 | | tcp
US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp
US | 192.86.252.227:443 | | tcp
US | 74.125.19.44:443 | | tcp
UA | 91.192.128.34:443 | | tcp
US | 130.191.143.18:443 | | tcp
US | 192.86.252.227:443 | | tcp
US | 204.65.38.32:443 | | tcp
US | 207.188.24.140:443 | | tcp
US | 216.226.191.109:443 | | tcp
US | 207.188.24.140:443 | | tcp
US | 216.231.208.62:443 | | tcp
US | 216.134.197.184:443 | | tcp
US | 206.200.251.109:443 | | tcp
US | 204.65.38.32:443 | | tcp
US | 198.239.146.19:443 | | tcp
US | 204.16.104.198:443 | | tcp
US | 165.189.61.247:443 | | tcp
US | 192.86.252.227:443 | | tcp
US | 167.21.84.13:443 | | tcp
US | 204.65.38.32:443 | | tcp
US | 38.144.194.3:443 | | tcp
CA | 207.35.11.17:443 | | tcp
TW | 210.71.212.9:443 | | tcp
US | 74.125.19.44:443 | | tcp
US | 204.200.195.130:443 | | tcp
US | 66.45.71.42:443 | | tcp
CN | 219.142.89.142:443 | | tcp
US | 168.215.152.65:443 | | tcp
TW | 61.219.223.187:443 | | tcp
US | 140.247.35.75:443 | | tcp
US | 208.236.105.4:443 | | tcp
US | 8.8.8.8:53 | www.google.com | udp
GB | 142.250.187.196:443 | www.google.com | tcp
N/A | 127.0.0.1:9666 | | tcp
US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp
US | 8.8.8.8:53 | 19.146.239.198.in-addr.arpa | udp
N/A | 127.0.0.1:9666 | | tcp
N/A | 127.0.0.1:9666 | | tcp
N/A | 127.0.0.1:9666 | | tcp
N/A | 127.0.0.1:9666 | | tcp
US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp
N/A | 127.0.0.1:9666 | | tcp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 2.36.159.162.in-addr.arpa | udp
N/A | 127.0.0.1:9666 | | tcp
N/A | 127.0.0.1:9666 | | tcp
US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
GB | 142.250.187.196:443 | www.google.com | tcp
N/A | 127.0.0.1:9666 | | tcp
N/A | 127.0.0.1:9666 | | tcp
US | 168.215.152.65:443 | | tcp
SG | 203.127.2.21:443 | | tcp
US | 170.135.216.32:443 | | tcp
CN | 219.143.245.186:443 | | tcp
US | 192.88.209.56:443 | | tcp
CN | 58.251.63.182:443 | | tcp
US | 204.16.104.198:443 | | tcp
US | 38.144.194.3:443 | | tcp
US | 168.215.152.65:443 | | tcp
CN | 221.231.141.46:443 | | tcp
US | 168.215.152.65:443 | | tcp
NZ | 138.235.42.3:443 | | tcp
US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp
GB | 212.140.245.12:443 | | tcp
US | 207.105.75.196:443 | | tcp
GB | 212.140.245.12:443 | | tcp
US | 155.247.80.132:443 | | tcp
US | 209.51.169.94:443 | | tcp
US | 66.45.71.42:443 | | tcp
DE | 80.83.114.72:443 | | tcp
US | 204.16.104.198:443 | | tcp
DE | 80.83.114.72:443 | | tcp
US | 164.106.10.145:443 | | tcp
RU | 81.177.31.150:443 | | tcp
US | 65.160.234.93:443 | | tcp
US | 137.187.66.224:443 | | tcp
TW | 210.71.212.9:443 | | tcp
US | 204.16.104.198:443 | | tcp
US | 72.172.235.12:443 | | tcp
NL | 85.17.138.4:443 | | tcp
US | 192.175.191.35:443 | | tcp
CN | 58.251.63.182:443 | | tcp
US | 64.34.180.105:443 | | tcp
US | 64.209.235.176:443 | | tcp
US | 65.160.234.93:443 | | tcp
DE | 80.83.114.72:443 | | tcp
US | 208.43.120.235:443 | | tcp
US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp
N/A | 127.0.0.1:9666 | | tcp
CA | 207.35.11.17:443 | | tcp
SG | 202.161.41.239:443 | | tcp
US | 63.245.209.72:443 | | tcp
US | 38.144.194.3:443 | | tcp
CA | 207.35.11.17:443 | | tcp
CN | 219.142.79.192:443 | | tcp
US | 207.97.249.212:443 | | tcp
CN | 211.157.28.135:443 | | tcp
US | 64.34.180.105:443 | | tcp
SG | 202.161.41.239:443 | | tcp
US | 130.191.143.18:443 | | tcp
TW | 210.59.144.3:443 | | tcp
UA | 91.192.128.34:443 | | tcp
MY | 202.162.28.23:443 | | tcp
US | 192.88.209.56:443 | | tcp
TW | 210.71.212.9:443 | | tcp
US | 199.67.185.130:443 | | tcp
US | 156.80.1.107:443 | | tcp
DE | 80.83.114.72:443 | | tcp
US | 170.135.216.62:443 | | tcp
US | 165.189.61.247:443 | | tcp
US | 137.187.67.134:443 | | tcp
US | 64.236.108.247:443 | | tcp
US | 155.247.80.132:443 | | tcp
US | 130.191.143.18:443 | | tcp
CN | 202.99.22.24:443 | | tcp
US | 170.135.216.32:443 | | tcp
US | 165.112.6.76:443 | | tcp
CA | 64.34.52.146:443 | | tcp
JP | 203.174.79.74:443 | | tcp
NL | 85.17.138.4:443 | | tcp
CN | 218.80.229.139:443 | | tcp
US | 192.86.252.227:443 | | tcp
GB | 212.140.245.12:443 | | tcp
US | 208.43.120.235:443 | | tcp
US | 170.135.216.32:443 | | tcp
US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp
N/A | 127.0.0.1:9666 | | tcp
N/A | 127.0.0.1:9666 | | tcp
N/A | 127.0.0.1:9666 | | tcp
N/A | 127.0.0.1:9666 | | tcp
N/A | 127.0.0.1:9666 | | tcp
N/A | 127.0.0.1:9666 | | tcp
N/A | 127.0.0.1:9666 | | tcp
US | 137.187.66.224:443 | | tcp
AU | 203.202.41.117:443 | | tcp
US | 204.16.104.198:443 | | tcp
CN | 219.143.245.186:443 | | tcp
US | 128.123.18.17:443 | | tcp
US | 216.134.197.184:443 | | tcp
US | 12.164.227.33:443 | | tcp
US | 170.135.216.62:443 | | tcp
US | 209.51.169.94:443 | | tcp
US | 207.97.249.212:443 | | tcp
US | 12.153.224.80:443 | | tcp
CN | 202.152.180.228:443 | | tcp
TW | 61.219.223.187:443 | | tcp
US | 208.236.105.4:443 | | tcp
US | 168.215.152.65:443 | | tcp
US | 66.45.71.42:443 | | tcp
US | 140.247.35.75:443 | | tcp
CN | 219.142.89.142:443 | | tcp
US | 8.8.8.8:53 | docs.google.com | udp
GB | 142.250.187.206:443 | docs.google.com | tcp
US | 8.8.8.8:53 | 80.224.153.12.in-addr.arpa | udp
N/A | 127.0.0.1:9666 | | tcp
N/A | 127.0.0.1:9666 | | tcp
N/A | 127.0.0.1:9666 | | tcp
N/A | 127.0.0.1:9666 | | tcp
N/A | 127.0.0.1:9666 | | tcp
NL | 85.17.138.4:443 | | tcp
US | 140.211.11.140:443 | | tcp
US | 64.209.235.176:443 | | tcp
GB | 212.140.245.12:443 | | tcp
US | 207.105.75.196:443 | | tcp
CN | 116.228.10.116:443 | | tcp
US | 204.65.38.32:443 | | tcp
US | 128.231.86.79:443 | | tcp
US | 209.51.169.94:443 | | tcp
US | 74.125.19.44:443 | | tcp
US | 204.16.104.198:443 | | tcp
CN | 202.152.186.68:443 | | tcp
NL | 85.17.138.4:443 | | tcp
CN | 61.233.14.206:443 | | tcp
GB | 91.189.90.244:443 | | tcp
US | 155.247.80.132:443 | | tcp
UA | 91.192.128.34:443 | | tcp
US | 204.16.104.198:443 | | tcp
US | 128.231.86.79:443 | | tcp
US | 137.187.67.134:443 | | tcp
US | 66.0.115.164:443 | | tcp
CN | 159.226.244.14:443 | | tcp
US | 137.187.66.224:443 | | tcp
CN | 219.143.224.189:443 | | tcp
N/A | 127.0.0.1:9666 | | tcp
N/A | 127.0.0.1:9666 | | tcp
US | 207.188.24.140:443 | | tcp
US | 72.172.235.12:443 | | tcp
GB | 212.140.245.12:443 | | tcp
CN | 58.251.63.182:443 | | tcp
RU | 81.177.31.150:443 | | tcp
US | 155.247.80.132:443 | | tcp
US | 207.97.249.212:443 | | tcp
US | 156.80.1.107:443 | | tcp
US | 63.245.209.31:443 | | tcp
US | 209.51.169.94:443 | | tcp
US | 64.236.108.247:443 | | tcp
US | 12.153.224.80:443 | | tcp
US | 98.245.118.24:443 | | tcp
KR | 211.36.163.226:443 | | tcp
US | 12.164.227.33:443 | | tcp
US | 155.247.80.132:443 | | tcp
US | 66.45.71.42:443 | | tcp
US | 24.5.13.160:443 | | tcp
US | 24.215.163.89:443 | | tcp
US | 199.67.185.130:443 | | tcp
KR | 203.223.106.190:443 | | tcp
US | 198.93.34.158:443 | | tcp
TW | 118.161.240.231:443 | | tcp
US | 209.221.141.69:443 | | tcp

Files

memory/1556-0-0x0000000000400000-0x00000000004E2000-memory.dmp

memory/1556-1-0x0000000000400000-0x00000000004E2000-memory.dmp

memory/1556-5-0x0000000000400000-0x00000000004E2000-memory.dmp