Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/08/2024, 10:46 UTC

General

  • Target

    8e717852f44026ab8db4f15fa599b25b_JaffaCakes118.exe

  • Size

    486KB

  • MD5

    8e717852f44026ab8db4f15fa599b25b

  • SHA1

    51e2f4bbb759f1d7842c115de700393b2ff1f938

  • SHA256

    81a5281ff3903c4ac763706125dc3c4dcfe8103b47585d25b11e2bc1774a9218

  • SHA512

    7981727f6b9cfc47c18648e9996ae03c73abc9c481d5988e69c61c6262fa1f83f8466fbb5ab175b7c2103944467562e4a065ed2973c8b80aca7c2df8b626eb9a

  • SSDEEP

    12288:hBvbS8G0hWgODlx8/c9Vf44gisD7dzW1H:DeshWvZx8uVQwsD7lW

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim host in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\8e717852f44026ab8db4f15fa599b25b_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8e717852f44026ab8db4f15fa599b25b_JaffaCakes118.exe"
    • System Location Discovery: System Language Discovery
    PID:2408

Network

  • flag-us
    DNS
    www.automaticyaran.com
    8e717852f44026ab8db4f15fa599b25b_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    www.automaticyaran.com
    IN A
    Response
    www.automaticyaran.com
    IN A
    212.33.206.82
  • flag-ir
    GET
    http://www.automaticyaran.com/e107/plugins/wab.exe
    8e717852f44026ab8db4f15fa599b25b_JaffaCakes118.exe
    Remote address:
    212.33.206.82:80
    Request
    GET /e107/plugins/wab.exe HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Host: www.automaticyaran.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    set-cookie: d_user_session=666d981baf22167cff12680a735c5dedddd2ab0bac4c0b3c8539fc21b515150c3c563d3aefec72dc4d3e62dbf7789611d1f1c71c75131dc287fb67ed51cfc236; path=/
    set-cookie: d_user_session=ed1821fa8ce35b916ede5a85653b5d16a720f73d3ad94c414f845c7fd23840d57f27dfd5f31c3beded3c9d7df13449cfab523349b4049ecfd7ebfbcd6e3b5d17; path=/
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    content-type: text/html; charset=UTF-8
    link: <https://yaran.co/wp-json/>; rel="https://api.w.org/"
    x-litespeed-cache-control: public,max-age=3600
    x-litespeed-tag: 305_HTTP.404,305_404,305_URL.9dbe297755a86d00704dea1aaba6ace2,305_
    x-litespeed-cache: miss
    content-encoding: gzip
    vary: Accept-Encoding
    transfer-encoding: chunked
    date: Mon, 12 Aug 2024 10:46:48 GMT
    server: LiteSpeed
    connection: Keep-Alive
  • 212.33.206.82:80
    http://www.automaticyaran.com/e107/plugins/wab.exe
    http
    8e717852f44026ab8db4f15fa599b25b_JaffaCakes118.exe
    1.2kB
    25.7kB
    19
    21

    HTTP Request

    GET http://www.automaticyaran.com/e107/plugins/wab.exe

    HTTP Response

    404
  • 8.8.8.8:53
    www.automaticyaran.com
    dns
    8e717852f44026ab8db4f15fa599b25b_JaffaCakes118.exe
    68 B
    84 B
    1
    1

    DNS Request

    www.automaticyaran.com

    DNS Response

    212.33.206.82

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2408-0-0x00000000005B0000-0x00000000005B1000-memory.dmp

    Filesize

    4KB

  • memory/2408-1-0x0000000000010000-0x000000000008F000-memory.dmp

    Filesize

    508KB
