Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/07/2024, 15:01 UTC

General

  • Target

    30daf12ae3bbceb5a3593fb49cb57a4a_JaffaCakes118.exe

  • Size

    829KB

  • MD5

    30daf12ae3bbceb5a3593fb49cb57a4a

  • SHA1

    3da47464660901dc426b8dc2a95b3dd99f9fdb41

  • SHA256

    51ec2a5ca7624f4afce7f2b8195e1c063a597e3519817409c6cfcfc72ffb8009

  • SHA512

    53766bb7f8b8dcc1a798c75d056e9dd4675afd890f7eb0ef6fbcb310e0d1bad782032025cd683551a18ef82bcd1dba512dcc2e476f8f37641053a29ca9619c4c

  • SSDEEP

    24576:puA04LuA1Sq0zfcmjNGLussl7arqirGrewW:UApKZq0JhGLurlDirGrZ
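Before relying on a sandbox verdict it is worth confirming that the file in hand is the sample the report describes, and the "UPX packed file" signature listed below can be checked statically by reading the PE section table. The following is an added example written for this page (it is not code from the sandbox vendor): it recomputes the digests listed above against the reported MD5/SHA1/SHA256, and looks for UPX section names plus the layout UPX leaves behind (an empty first section with a large virtual size), which survives the section renaming that "modified UPX" builds use. `build_fake_pe` constructs a headers-only PE so the parser can be exercised offline; the section sizes in it are made up.

```python
import hashlib
import struct

# Hashes copied from the report above; used to confirm we are looking at
# the same sample before trusting the sandbox's findings.
REPORTED_HASHES = {
    "md5": "30daf12ae3bbceb5a3593fb49cb57a4a",
    "sha1": "3da47464660901dc426b8dc2a95b3dd99f9fdb41",
    "sha256": "51ec2a5ca7624f4afce7f2b8195e1c063a597e3519817409c6cfcfc72ffb8009",
}

# Section names written by stock UPX. A modified UPX build may rename them,
# which is why looks_upx_packed() also applies a layout heuristic.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def file_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of the given bytes."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, reported: dict = REPORTED_HASHES) -> bool:
    """True when every digest in `reported` matches the sample bytes."""
    actual = file_hashes(data)
    return all(actual[alg] == digest for alg, digest in reported.items())


def pe_sections(data: bytes) -> list:
    """Parse the PE section table; return [(name, virtual_size, raw_size), ...]."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size              # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, rsize = struct.unpack_from("<8sIII", data, table + i * 40)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize))
    return sections


def looks_upx_packed(data: bytes) -> bool:
    """Static counterpart of the report's 'UPX packed file' signature."""
    sections = pe_sections(data)
    if not sections:
        return False
    if any(name in UPX_SECTION_NAMES for name, _, _ in sections):
        return True
    # Layout heuristic: UPX's first section is a purely virtual placeholder
    # (raw size 0, large virtual size) that the stub decompresses into.
    _name, vsize, rsize = sections[0]
    return rsize == 0 and vsize > 0x1000


def build_fake_pe(sections) -> bytes:
    """Constructed headers-only PE for exercising the parser; not a real binary.
    `sections` is a list of (name, virtual_size, raw_size)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)  # i386, no optional header
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    vsize, 0x1000 * (i + 1), rsize, 0, 0, 0, 0, 0, 0x60000020)
        for i, (name, vsize, rsize) in enumerate(sections))
    return dos + b"PE\0\0" + coff + table


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read()
    print(file_hashes(blob))
    print("matches report:", matches_report(blob))
    print("UPX packed:", looks_upx_packed(blob))
```

Run it as `python check_sample.py <file>`. A hash match is the only reliable identity check; the SSDEEP value above needs the ssdeep library and is useful for finding near-duplicates rather than confirming identity. The layout heuristic will also fire on other packers that reserve an empty first section, so treat it as a packing indicator, not a UPX attribution.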

Malware Config

Signatures

  • Reads WinSCP keys stored on the system (2 TTPs)

    Tries to access WinSCP stored sessions.

  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Adds Run key to start application (2 TTPs, 1 IoC)

  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.
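The four behavioural signatures above are all pattern matches over registry and file access. As an added example (this page's own, not the sandbox's rule engine), the script below runs equivalent rules over a constructed API trace: the event list, the glob patterns, the browser file locations and the ATT&CK technique mapping are this example's assumptions, chosen to reflect the usual locations (WinSCP sessions under `HKCU\Software\Martin Prikryl\WinSCP 2\Sessions`, the `CurrentVersion\Run` key, the `CurrentVersion\Uninstall` key, Chrome's `Login Data` and Firefox's `logins.json`). The signature names are the ones the report prints.

```python
import fnmatch

# Constructed sandbox-style API trace (not taken from the report): each event
# is (operation, target path). "Admin" is the sandbox user seen in the report.
EVENTS = [
    ("RegOpenKey",    r"HKCU\Software\Martin Prikryl\WinSCP 2\Sessions"),
    ("RegQueryValue", r"HKCU\Software\Martin Prikryl\WinSCP 2\Sessions\user@host\Password"),
    ("RegSetValue",   r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    ("RegEnumKey",    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("NtReadFile",    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("NtReadFile",    r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json"),
    ("NtReadFile",    r"C:\Users\Admin\Documents\notes.txt"),   # benign, must not match
]

REG_READ = ("RegOpenKey", "RegEnumKey", "RegQueryValue")
FILE_READ = ("NtCreateFile", "NtOpenFile", "NtReadFile")

# (signature name as the report prints it, ATT&CK technique, operations, glob patterns).
# The technique mapping is this example's own, not taken from the report.
RULES = [
    ("Reads WinSCP keys stored on the system", "T1552.002", REG_READ,
     [r"HKCU\Software\Martin Prikryl\WinSCP 2\Sessions*"]),
    ("Reads user/profile data of web browsers", "T1555.003", FILE_READ,
     [r"*\Google\Chrome\User Data\*\Login Data",
      r"*\Google\Chrome\User Data\*\Cookies",
      r"*\Microsoft\Edge\User Data\*\Login Data",
      r"*\Mozilla\Firefox\Profiles\*\logins.json",
      r"*\Mozilla\Firefox\Profiles\*\key4.db"]),
    ("Adds Run key to start application", "T1547.001", ("RegSetValue",),
     [r"HK*\Software\Microsoft\Windows\CurrentVersion\Run\*",
      r"HK*\Software\Microsoft\Windows\CurrentVersion\RunOnce\*"]),
    ("Checks installed software on the system", "T1518", REG_READ,
     [r"HK*\Software\Microsoft\Windows\CurrentVersion\Uninstall*"]),
]


def _matches(path: str, patterns) -> bool:
    """Case-insensitive glob match; '*' may span backslashes."""
    lowered = path.lower()
    return any(fnmatch.fnmatchcase(lowered, pat.lower()) for pat in patterns)


def match_signatures(events) -> dict:
    """Return {signature name: {"technique": ..., "events": [matching events]}}."""
    hits = {}
    for name, technique, ops, patterns in RULES:
        matched = [ev for ev in events if ev[0] in ops and _matches(ev[1], patterns)]
        if matched:
            hits[name] = {"technique": technique, "events": matched}
    return hits


def hit_names(events) -> list:
    """Sorted list of signature names that fired, the way a report lists them."""
    return sorted(match_signatures(events))


if __name__ == "__main__":
    for name, hit in match_signatures(EVENTS).items():
        print(f"{name} [{hit['technique']}]")
        for op, target in hit["events"]:
            print(f"    {op:14} {target}")
```

Two points worth keeping in mind when writing such rules: the Run-key rule only fires on a write, since reading `CurrentVersion\Run` is common in legitimate software, and the patterns here do not cover the `Wow6432Node` mirror of `Uninstall` on 64-bit hosts, which a real rule set would add.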

Processes

  • C:\Users\Admin\AppData\Local\Temp\30daf12ae3bbceb5a3593fb49cb57a4a_JaffaCakes118.exe (PID 2676)
    Command line: "C:\Users\Admin\AppData\Local\Temp\30daf12ae3bbceb5a3593fb49cb57a4a_JaffaCakes118.exe"
    • Adds Run key to start application

Network

  • Country: TW (flag icon)
    DNS
    Process: 30daf12ae3bbceb5a3593fb49cb57a4a_JaffaCakes118.exe
    Remote address: 123.195.98.14:80
    Response:
    HTTP/1.0 400 Bad Request
    Date: Tue, 09 Jul 2024 15:40:07 GMT
    Server: Boa/0.94.14rc21
    Accept-Ranges: bytes
    Connection: close
    Content-Type: text/html; charset=ISO-8859-1
  Connections (all from process 30daf12ae3bbceb5a3593fb49cb57a4a_JaffaCakes118.exe; the 127.0.0.1 rows carried no counters):

  Remote address       Proto  Bytes out  Bytes in  Pkts out  Pkts in  Note
  127.0.0.1:49193
  98.239.32.56:80             152 B                3
  123.195.98.14:80     http   1.9kB      539 B     6         5        HTTP response 400
  127.0.0.1:49196
  127.0.0.1:49199
  125.186.101.52:80           152 B                3
  127.0.0.1:49203
  94.54.94.4:80               152 B                3
  127.0.0.1:49209
  112.202.69.141:80           152 B                3
  127.0.0.1:49213
  77.239.18.223:80            152 B                3
  127.0.0.1:49216
  220.68.232.70:80            152 B                3
  127.0.0.1:49220
  118.32.89.205:80            152 B      80 B      3         2
  220.70.45.46:80             152 B                3
  127.0.0.1:49224
  218.253.109.79:80           152 B                3
  127.0.0.1:49228
  77.239.3.11:80              152 B                3
  127.0.0.1:49232
  210.125.119.37:80           152 B                3
  127.0.0.1:49236
  77.238.214.18:80            152 B                3
  127.0.0.1:49240
  89.165.8.70:80              152 B                3
  127.0.0.1:49244
  58.238.87.31:80             152 B                3
  127.0.0.1:49248
  180.68.243.74:80            152 B                3
  127.0.0.1:49252
  58.230.86.35:80             104 B                2
  127.0.0.1:49256
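Read as a whole, the connection list is more informative than any single row: the sample sends the same 152 bytes in 3 packets to 14 different port-80 hosts without getting anything back, one host (118.32.89.205) answers 80 bytes, and the only full HTTP exchange is a 400 Bad Request from a Boa embedded web server (the kind found on routers and IoT devices). That looks like a hard-coded probe or propagation list rather than a single C2 server, and the IoC list should be triaged accordingly. The script below is an added example (not tooling from the sandbox) that separates the fan-out group from the answered hosts and extracts the server banner; the rows are copied from the table above, "1.9kB" is entered as 1900 bytes since the report rounds it, and only two of the loopback rows are kept because they all look alike.

```python
import ipaddress
from collections import defaultdict

# Connection rows from the Network section of the report:
# (remote address, bytes out, bytes in, packets out, packets in).
# Loopback rows carried no counters and are recorded as zeros.
CONNECTIONS = [
    ("127.0.0.1:49193", 0, 0, 0, 0),
    ("98.239.32.56:80", 152, 0, 3, 0),
    ("123.195.98.14:80", 1900, 539, 6, 5),   # report shows 1.9kB; rounded
    ("127.0.0.1:49196", 0, 0, 0, 0),
    ("125.186.101.52:80", 152, 0, 3, 0),
    ("94.54.94.4:80", 152, 0, 3, 0),
    ("112.202.69.141:80", 152, 0, 3, 0),
    ("77.239.18.223:80", 152, 0, 3, 0),
    ("220.68.232.70:80", 152, 0, 3, 0),
    ("118.32.89.205:80", 152, 80, 3, 2),
    ("220.70.45.46:80", 152, 0, 3, 0),
    ("218.253.109.79:80", 152, 0, 3, 0),
    ("77.239.3.11:80", 152, 0, 3, 0),
    ("210.125.119.37:80", 152, 0, 3, 0),
    ("77.238.214.18:80", 152, 0, 3, 0),
    ("89.165.8.70:80", 152, 0, 3, 0),
    ("58.238.87.31:80", 152, 0, 3, 0),
    ("180.68.243.74:80", 152, 0, 3, 0),
    ("58.230.86.35:80", 104, 0, 2, 0),
]

# Response header block captured from 123.195.98.14:80, as printed in the report.
HTTP_400 = """HTTP/1.0 400 Bad Request
Date: Tue, 09 Jul 2024 15:40:07 GMT
Server: Boa/0.94.14rc21
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=ISO-8859-1
"""


def split_addr(addr: str):
    host, port = addr.rsplit(":", 1)
    return host, int(port)


def is_external(addr: str) -> bool:
    """Drop loopback, private and otherwise non-routable destinations."""
    return ipaddress.ip_address(split_addr(addr)[0]).is_global


def ioc_hosts(conns) -> list:
    """Distinct external hosts, sorted numerically, for an indicator list."""
    hosts = {split_addr(c[0])[0] for c in conns if is_external(c[0])}
    return sorted(hosts, key=ipaddress.ip_address)


def answered_hosts(conns) -> list:
    """External hosts that sent anything back; candidates for real C2."""
    hosts = {split_addr(c[0])[0] for c in conns if is_external(c[0]) and c[2] > 0}
    return sorted(hosts, key=ipaddress.ip_address)


def fan_out_groups(conns, min_hosts: int = 5) -> dict:
    """Group destinations by (port, bytes out, packets out, answered?).
    A large group of identical, unanswered sends is a probe/propagation list."""
    groups = defaultdict(set)
    for remote, tx, rx, ptx, _prx in conns:
        if not is_external(remote):
            continue
        host, port = split_addr(remote)
        groups[(port, tx, ptx, rx > 0)].add(host)
    return {key: sorted(hosts, key=ipaddress.ip_address)
            for key, hosts in groups.items() if len(hosts) >= min_hosts}


def parse_http_response(raw: str):
    """Return (status code, {lower-cased header: value}) from a response block."""
    lines = raw.strip().splitlines()
    _version, status, _reason = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return int(status), headers


if __name__ == "__main__":
    print("external hosts:", len(ioc_hosts(CONNECTIONS)))
    print("answered:", answered_hosts(CONNECTIONS))
    for (port, tx, ptx, answered), hosts in fan_out_groups(CONNECTIONS).items():
        print(f"tcp/{port} {tx} B / {ptx} pkts answered={answered}: {len(hosts)} hosts")
    status, headers = parse_http_response(HTTP_400)
    print("banner:", status, headers.get("server"))
```

The 400 from Boa is consistent with the sample sending something that is not a well-formed HTTP request to whatever listens on port 80, so the Server header identifies the victim's device class, not the malware's infrastructure. Hosts in the fan-out group are still worth blocking, but they should be labelled as targets or peers rather than as confirmed C2.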

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2676-0-0x00000000028E0000-0x00000000029B2000-memory.dmp

    Filesize

    840KB

  • memory/2676-1-0x00000000007E0000-0x00000000008A5000-memory.dmp

    Filesize

    788KB

  • memory/2676-2-0x00000000008B0000-0x0000000000ACD000-memory.dmp

    Filesize

    2.1MB

  • memory/2676-3-0x00000000008B0000-0x0000000000AE1000-memory.dmp

    Filesize

    2.2MB

  • memory/2676-5-0x00000000008B0000-0x0000000000ACD000-memory.dmp

    Filesize

    2.1MB

  • memory/2676-10-0x00000000008B0000-0x0000000000AE1000-memory.dmp

    Filesize

    2.2MB
