Analysis

  • max time kernel: 141s
  • max time network: 123s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240709-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 11/07/2024, 08:10 UTC

General

  • Target: 38562e09ae943cdb13d350d183d93649_JaffaCakes118.exe
  • Size: 3.1MB
  • MD5: 38562e09ae943cdb13d350d183d93649
  • SHA1: bbc4d07d8e029999c4c2c86954eae83e2a388526
  • SHA256: ef8e5b522b9e5ce79650f54a3fe307d978b290d8d19921ec74b12f6a8998605f
  • SHA512: 5f88329d9980b4ad19bddce3ba45d0b25466318f91d66f0ee3ed33e35b4eb1f4a972afb05918679f3d873e80d351dc339a7b88f0408b5bacadb6755388ef3a97
  • SSDEEP: 98304:sI1kLDRRBTwbnMUMXVw+nl2capREDWrvyqUigtS:I9wQV723xv7IS

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL (5 IoCs)
  • UPX packed file (2 IoCs)
    Detects executables packed with UPX/modified UPX open source packer.
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\38562e09ae943cdb13d350d183d93649_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\38562e09ae943cdb13d350d183d93649_JaffaCakes118.exe"
    PID: 4780
    Signatures: Loads dropped DLL

Network

  • DNS: g.bing.com
    Remote address: 8.8.8.8:53
    Request: g.bing.com IN A
    Response:
      g.bing.com IN CNAME g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net IN CNAME dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net IN A 13.107.21.237
      dual-a-0034.a-msedge.net IN A 204.79.197.237
  • GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a121115895124c78b45ba9bef7b32c86&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid=
    Remote address: 13.107.21.237:443
    Request:
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a121115895124c78b45ba9bef7b32c86&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response:
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=02354856834B6AAA174F5CEF82AB6B5F; domain=.bing.com; expires=Tue, 05-Aug-2025 08:10:45 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 8A24D62EFB994D8EBC1728AEDE8D27EA Ref B: LON04EDGE1006 Ref C: 2024-07-11T08:10:45Z
      date: Thu, 11 Jul 2024 08:10:44 GMT
  • GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a121115895124c78b45ba9bef7b32c86&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid=
    Remote address: 13.107.21.237:443
    Request:
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a121115895124c78b45ba9bef7b32c86&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=02354856834B6AAA174F5CEF82AB6B5F
    Response:
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=IFHbtZYpTFa98zzppPjjakxqbhX6312DvLhEmq8WPho; domain=.bing.com; expires=Tue, 05-Aug-2025 08:10:45 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 0FCD29F8678247A78B5FDDD5E0682222 Ref B: LON04EDGE1006 Ref C: 2024-07-11T08:10:45Z
      date: Thu, 11 Jul 2024 08:10:44 GMT
  • GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a121115895124c78b45ba9bef7b32c86&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid=
    Remote address: 13.107.21.237:443
    Request:
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a121115895124c78b45ba9bef7b32c86&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=02354856834B6AAA174F5CEF82AB6B5F; MSPTC=IFHbtZYpTFa98zzppPjjakxqbhX6312DvLhEmq8WPho
    Response:
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 8A5135F4193646AE9A363C3667D1567B Ref B: LON04EDGE1006 Ref C: 2024-07-11T08:10:45Z
      date: Thu, 11 Jul 2024 08:10:44 GMT
  • DNS: 237.21.107.13.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 237.21.107.13.in-addr.arpa IN PTR
    Response: (empty)
  • DNS: 140.32.126.40.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 140.32.126.40.in-addr.arpa IN PTR
    Response: (empty)
  • DNS: 172.210.232.199.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 172.210.232.199.in-addr.arpa IN PTR
    Response: (empty)
  • DNS: 88.156.103.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 88.156.103.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS: 26.165.165.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 26.165.165.52.in-addr.arpa IN PTR
    Response: (empty)
  • DNS: 171.39.242.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 171.39.242.20.in-addr.arpa IN PTR
    Response: (empty)
  • DNS: 29.243.111.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 29.243.111.52.in-addr.arpa IN PTR
    Response: (empty)
  • 13.107.21.237:443
    URL: https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a121115895124c78b45ba9bef7b32c86&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid=
    Protocol: tls, http2
    Sent: 2.0kB, 22 packets; Received: 9.3kB, 19 packets
    HTTP Request: GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a121115895124c78b45ba9bef7b32c86&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid=
    HTTP Response: 204
    HTTP Request: GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=a121115895124c78b45ba9bef7b32c86&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid=
    HTTP Response: 204
    HTTP Request: GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=a121115895124c78b45ba9bef7b32c86&localId=w:A12AC88C-949E-57CB-CC9F-17EBD2A35AF9&deviceId=6825836757625552&anid=
    HTTP Response: 204
  • 8.8.8.8:53
    Domain: g.bing.com
    Protocol: dns
    Sent: 56 B, 1 packet; Received: 151 B, 1 packet
    DNS Request: g.bing.com
    DNS Response: 13.107.21.237, 204.79.197.237
  • 8.8.8.8:53
    Domain: 237.21.107.13.in-addr.arpa
    Protocol: dns
    Sent: 72 B, 1 packet; Received: 158 B, 1 packet
    DNS Request: 237.21.107.13.in-addr.arpa
  • 8.8.8.8:53
    Domain: 140.32.126.40.in-addr.arpa
    Protocol: dns
    Sent: 72 B, 1 packet; Received: 158 B, 1 packet
    DNS Request: 140.32.126.40.in-addr.arpa
  • 8.8.8.8:53
    Domain: 172.210.232.199.in-addr.arpa
    Protocol: dns
    Sent: 74 B, 1 packet; Received: 128 B, 1 packet
    DNS Request: 172.210.232.199.in-addr.arpa
  • 8.8.8.8:53
    Domain: 88.156.103.20.in-addr.arpa
    Protocol: dns
    Sent: 72 B, 1 packet; Received: 158 B, 1 packet
    DNS Request: 88.156.103.20.in-addr.arpa
  • 8.8.8.8:53
    Domain: 26.165.165.52.in-addr.arpa
    Protocol: dns
    Sent: 72 B, 1 packet; Received: 146 B, 1 packet
    DNS Request: 26.165.165.52.in-addr.arpa
  • 8.8.8.8:53
    Domain: 171.39.242.20.in-addr.arpa
    Protocol: dns
    Sent: 72 B, 1 packet; Received: 158 B, 1 packet
    DNS Request: 171.39.242.20.in-addr.arpa
  • 8.8.8.8:53
    Domain: 29.243.111.52.in-addr.arpa
    Protocol: dns
    Sent: 72 B, 1 packet; Received: 158 B, 1 packet
    DNS Request: 29.243.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Temp\1JQ2PRAK\38562e09ae943cdb13d350d183d93649_JaffaCakes118\plugins\0\CustomUI.dll
    Filesize: 344KB
    MD5: 04eecd03af7eafb84b6581a5b37d275e
    SHA1: 3351059d04a2e9f9f0a3719083eeda03dab0f124
    SHA256: 39ba967edebb288f921c37348d7c21b05e3af40033e0eb386f35b4be2b04be50
    SHA512: 19088141aa48e1bb74202d09751006fa9182568750caa7e3132169c66c9fee4a784cb1139c954b1c940f9578cfa51be7474c09780cc6fda3022e69eeec9c21d9
  • C:\Temp\1JQ2PRAK\38562e09ae943cdb13d350d183d93649_JaffaCakes118\plugins\1\Services.dll
    Filesize: 105KB
    MD5: 3ab4759b51da484ead6abf916f853c9b
    SHA1: a91d59a8b8e81ae4dc66b39e7b991735c2790d77
    SHA256: 3b7672d1f8b9bcdebacf98e0bc2a29f2bd430211101b297f1f5ad712de7ee62b
    SHA512: 7205a5e84c191419dfde07b8f4aebe42f9ec4d231de20bce4ce04d9cf61c30f43904db4f401faeb4b166b8c9f3ba06f379eab6601219bf996326fb7f6a6a8cf1
  • C:\Temp\1JQ2PRAK\unpack.dll
    Filesize: 34KB
    MD5: 705aa1dc6f5fb72a2182ffd2c95bfa2e
    SHA1: 08de4589e01d3f0f589209baf8b669fae04b5875
    SHA256: ec8361e43f0f83d0da13261718b8791e5517375fce67b4055d390353a5b2ca00
    SHA512: 5d00edf396efc5c130e1e7071fe027afaaa35d4d746441a1f0e0736c4828941e55e49f5319f5c1739bd75d2b5e03504d59284b2754430e0053e3f8d5f2702e4d

  • memory/4780-0-0x0000000000400000-0x0000000000468000-memory.dmp
    Filesize: 416KB
  • memory/4780-6-0x0000000000A90000-0x0000000000AB7000-memory.dmp
    Filesize: 156KB
  • memory/4780-67-0x0000000003660000-0x00000000036BC000-memory.dmp
    Filesize: 368KB
  • memory/4780-73-0x0000000003CD0000-0x0000000003CEF000-memory.dmp
    Filesize: 124KB
  • memory/4780-77-0x0000000000400000-0x0000000000468000-memory.dmp
    Filesize: 416KB
  • memory/4780-79-0x0000000003CD0000-0x0000000003CEF000-memory.dmp
    Filesize: 124KB
  • memory/4780-78-0x0000000003660000-0x00000000036BC000-memory.dmp
    Filesize: 368KB
  • memory/4780-85-0x0000000003CD0000-0x0000000003CEF000-memory.dmp
    Filesize: 124KB
  • memory/4780-84-0x0000000003660000-0x00000000036BC000-memory.dmp
    Filesize: 368KB
