Analysis

  • max time kernel
    146s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-07-2024 21:41

General

  • Target

    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe

  • Size

    732KB

  • MD5

    54e7afca79ee902a013d073d0e4adf90

  • SHA1

    eeff32a473dd7262180c5b10d934f41c1d7da27f

  • SHA256

    1eeb62355e600c625cdbda85f86b2f67a4661f0067f719fe1490af627bfaf505

  • SHA512

    ee3c964ce7b663bdafcdf45ff7b61f820a17f47f49295cf53f65f2d50b2c23d9b8a18c9381aad667e01dc5906f118f71fc8590b8116938ac2ba3cb94f73778a2

  • SSDEEP

    12288:+0G13bfAP+2vGqJWJvxTg+cJaIobkfgFJHZ9HS4MSPYijzmAVgKG7Q/+hGZcS:BGxeJWtAg7HnH9Qij7G8/+hGZ5

Malware Config

Signatures

  • AsyncRat

    AsyncRAT is a remote access trojan written in C#, designed to remotely monitor and control other computers.

  • Core1 .NET packer (1 IoC)

    Detects packer/loader used by .NET malware.

  • Adds Run key to start application (2 TTPs, 1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe (PID 2368)
    Command line: "C:\Users\Admin\AppData\Local\Temp\54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe"
    Signatures: Adds Run key to start application

Network

  • DNS lookups (3 identical, resolver in US)
    Domain: severdops.ddns.net
    Process: 54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    Remote address: 8.8.8.8:53
    Request: severdops.ddns.net IN A
    Response: severdops.ddns.net IN A 45.66.231.87
  • 45.66.231.87:6204
    severdops.ddns.net
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    152 B
    120 B
    3
    3
  • 45.66.231.87:6204
    severdops.ddns.net
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    152 B
    120 B
    3
    3
  • 45.66.231.87:6204
    severdops.ddns.net
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    152 B
    120 B
    3
    3
  • 45.66.231.87:6204
    severdops.ddns.net
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    152 B
    120 B
    3
    3
  • 45.66.231.87:6204
    severdops.ddns.net
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    152 B
    80 B
    3
    2
  • 45.66.231.87:6204
    severdops.ddns.net
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    152 B
    120 B
    3
    3
  • 45.66.231.87:6204
    severdops.ddns.net
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    152 B
    120 B
    3
    3
  • 45.66.231.87:6204
    severdops.ddns.net
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    152 B
    120 B
    3
    3
  • 45.66.231.87:6204
    severdops.ddns.net
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    152 B
    120 B
    3
    3
  • 45.66.231.87:6204
    severdops.ddns.net
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    152 B
    120 B
    3
    3
  • 45.66.231.87:6204
    severdops.ddns.net
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    152 B
    80 B
    3
    2
  • 45.66.231.87:6204
    severdops.ddns.net
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    152 B
    120 B
    3
    3
  • 45.66.231.87:6204
    severdops.ddns.net
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    152 B
    120 B
    3
    3
  • 45.66.231.87:6204
    severdops.ddns.net
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    152 B
    120 B
    3
    3
  • 45.66.231.87:6204
    severdops.ddns.net
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    152 B
    120 B
    3
    3
  • 45.66.231.87:6204
    severdops.ddns.net
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    152 B
    80 B
    3
    2
  • 45.66.231.87:6204
    severdops.ddns.net
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    152 B
    80 B
    3
    2
  • 45.66.231.87:6204
    severdops.ddns.net
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    152 B
    120 B
    3
    3
  • 45.66.231.87:6204
    severdops.ddns.net
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    152 B
    120 B
    3
    3
  • 45.66.231.87:6204
    severdops.ddns.net
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    152 B
    120 B
    3
    3
  • 45.66.231.87:6204
    severdops.ddns.net
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    152 B
    120 B
    3
    3
  • 45.66.231.87:6204
    severdops.ddns.net
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    152 B
    120 B
    3
    3
  • 8.8.8.8:53
    severdops.ddns.net
    dns
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    64 B
    80 B
    1
    1

    DNS Request

    severdops.ddns.net

    DNS Response

    45.66.231.87

  • 8.8.8.8:53
    severdops.ddns.net
    dns
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    64 B
    80 B
    1
    1

    DNS Request

    severdops.ddns.net

    DNS Response

    45.66.231.87

  • 8.8.8.8:53
    severdops.ddns.net
    dns
    54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe
    64 B
    80 B
    1
    1

    DNS Request

    severdops.ddns.net

    DNS Response

    45.66.231.87
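The indicators above (the C2 domain severdops.ddns.net resolving to 45.66.231.87, the repeated short-lived TCP connections to port 6204, and the Run key written by a binary executing from the user's Temp directory) are what a defender would hunt for. The following Python is an added example, not part of the sandbox report or of any sandbox tooling: it runs those indicators against a handful of constructed log lines (a DNS query log, flow records, a Sysmon-style registry event and an EDR file event; the field layouts, host name WS01, client IP 10.0.0.5, timestamps and the Run value name "Updater" are all assumptions) and also flags any source/destination pair with repeated connections, which is the shape the 22 identical connections above take even before the IP is known.

```python
"""IOC hunt for the AsyncRAT sample in this report.

Added example, not part of the sandbox report. The log formats below are
constructed for illustration; adapt the regexes to the real sources.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Indicators taken from the report above.
C2_DOMAIN = "severdops.ddns.net"
C2_IP = "45.66.231.87"
C2_PORT = 6204
SAMPLE_SHA256 = "1eeb62355e600c625cdbda85f86b2f67a4661f0067f719fe1490af627bfaf505"

# Run / RunOnce keys under any hive; the hive prefix is deliberately not anchored.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)
# The sample ran from %LOCALAPPDATA%\Temp; a Run value pointing into a
# user-writable staging directory is suspicious on its own.
STAGING_PATH_RE = re.compile(r"\\AppData\\(?:Local\\Temp|Roaming)\\", re.IGNORECASE)
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"


@dataclass
class Hit:
    source: str   # which check fired
    reason: str   # human-readable explanation
    line: str     # offending log line


def check_dns(line: str) -> Optional[Hit]:
    """Constructed format: '<ts> dns query=<name> client=<ip>'."""
    m = re.search(r"\bquery=(\S+)", line)
    if m and m.group(1).rstrip(".").lower() == C2_DOMAIN:
        return Hit("dns", f"lookup of C2 domain {C2_DOMAIN}", line)
    return None


def check_flow(line: str) -> Optional[Hit]:
    """Constructed format: '<ts> flow src=<ip>:<port> dst=<ip>:<port> ...'."""
    m = re.search(rf"\bdst=({IPV4}):(\d+)", line)
    if not m or m.group(1) != C2_IP:
        return None
    port = int(m.group(2))
    what = "C2 host and port" if port == C2_PORT else "C2 host on another port"
    return Hit("flow", f"connection to {what} {C2_IP}:{port}", line)


def check_registry(line: str) -> Optional[Hit]:
    """Constructed Sysmon-13-like format: ... target="<key\\value>" details="<data>"."""
    m = re.search(r'target="([^"]+)"\s+details="([^"]*)"', line)
    if not m or not RUN_KEY_RE.search(m.group(1)):
        return None
    if STAGING_PATH_RE.search(m.group(2)):
        return Hit("registry", "Run key value points into a user staging directory", line)
    return None


def check_hash(line: str) -> Optional[Hit]:
    """Any line carrying 'sha256=<hex>'."""
    m = re.search(r"\bsha256=([0-9a-fA-F]{64})", line)
    if m and m.group(1).lower() == SAMPLE_SHA256:
        return Hit("hash", "file hash matches the analysed sample", line)
    return None


CHECKS = (check_dns, check_flow, check_registry, check_hash)


def scan(lines: Iterable[str]) -> List[Hit]:
    """Run every check over every line; a line may produce several hits."""
    hits: List[Hit] = []
    for line in lines:
        for check in CHECKS:
            hit = check(line)
            if hit:
                hits.append(hit)
    return hits


def repeated_connections(lines: Iterable[str], min_count: int = 5) -> Dict[Tuple[str, str], int]:
    """Count flows per (src ip, dst ip:port); keep pairs seen at least min_count times.
    The report shows 22 short connections to one host:port within ~150 s; that
    repetition is worth alerting on even when the IP is not yet known."""
    counts: Counter = Counter()
    for line in lines:
        m = re.search(rf"\bsrc=({IPV4}):\d+\s+dst=(\S+)", line)
        if m:
            counts[(m.group(1), m.group(2))] += 1
    return {pair: n for pair, n in counts.items() if n >= min_count}


# Constructed sample input (not real telemetry): one infected host, WS01 / 10.0.0.5.
MALICIOUS_EXE = r"C:\Users\Admin\AppData\Local\Temp\54e7afca79ee902a013d073d0e4adf90_JaffaCakes118.exe"
SAMPLE_LOGS = [
    "2024-07-17T21:42:01Z dns query=severdops.ddns.net. client=10.0.0.5",
    "2024-07-17T21:42:01Z dns query=www.example.com. client=10.0.0.5",
    *[f"2024-07-17T21:42:{5 + 7 * i:02d}Z flow src=10.0.0.5:{49152 + i} "
      f"dst={C2_IP}:{C2_PORT} proto=tcp bytes_out=152 bytes_in=120" for i in range(6)],
    "2024-07-17T21:42:09Z flow src=10.0.0.5:49200 dst=93.184.216.34:443 proto=tcp bytes_out=517 bytes_in=4210",
    f'registry host=WS01 pid=2368 image="{MALICIOUS_EXE}" '
    f'target="HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater" details="{MALICIOUS_EXE}"',
    'registry host=WS01 pid=1200 image="C:\\Windows\\System32\\msiexec.exe" '
    'target="HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Vendor Tray" details="C:\\Program Files\\Vendor\\tray.exe"',
    f"edr host=WS01 event=file_create path={MALICIOUS_EXE} sha256={SAMPLE_SHA256}",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(f"[{hit.source}] {hit.reason}: {hit.line[:80]}")
    for (src, dst), n in repeated_connections(SAMPLE_LOGS).items():
        print(f"[beacon] {src} -> {dst}: {n} connections")
```

On the constructed input this reports one DNS hit, six flow hits, one registry hit and one hash hit, and the beacon check surfaces 10.0.0.5 -> 45.66.231.87:6204 with six connections while leaving the single HTTPS flow alone. The registry check deliberately ignores the benign Run value under Program Files: the point is the combination of a Run key and a staging-directory target, not Run keys in general.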

MITRE ATT&CK Enterprise v15

  • Persistence: Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001), from "Adds Run key to start application"
  • Privilege Escalation: Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001), same signature


Downloads (memory dumps of PID 2368)

  • memory/2368-0-0x000007FEF5E13000-0x000007FEF5E14000-memory.dmp (4KB)
  • memory/2368-1-0x000000013FE40000-0x000000013FEFA000-memory.dmp (744KB)
  • memory/2368-2-0x000000001AA70000-0x000000001AAE6000-memory.dmp (472KB)
  • memory/2368-3-0x00000000022B0000-0x00000000022E4000-memory.dmp (208KB)
  • memory/2368-5-0x000007FEF5E10000-0x000007FEF67FC000-memory.dmp (9.9MB)
  • memory/2368-6-0x0000000002090000-0x0000000002096000-memory.dmp (24KB)
  • memory/2368-7-0x000007FEF5E13000-0x000007FEF5E14000-memory.dmp (4KB)
  • memory/2368-8-0x000007FEF5E10000-0x000007FEF67FC000-memory.dmp (9.9MB)
