Malware Analysis Report

2025-08-10 20:55

Sample ID: 240825-hqehyasemn
Target: c0301aaa278cab9117ddc210b6cb0f58_JaffaCakes118
SHA256: 0ba7cf2c0e200b454c58462089e1a3e8beefa2b4dde533c3d3980673b0d35e7d
Tags: discovery
Score: 6/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 6/10

SHA256: 0ba7cf2c0e200b454c58462089e1a3e8beefa2b4dde533c3d3980673b0d35e7d

Threat Level: Shows suspicious behavior

The file c0301aaa278cab9117ddc210b6cb0f58_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

Tags: discovery

  Checks installed software on the system
  Drops file in Program Files directory
  Unsigned PE
  Enumerates physical storage devices
  System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-08-25 06:56

Signatures

Unsigned PE

  Description  Indicator  Process  Target
  N/A          N/A        N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-08-25 06:56
Reported: 2024-08-25 06:58
Platform: win7-20240708-en
Max time kernel: 122s
Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c0301aaa278cab9117ddc210b6cb0f58_JaffaCakes118.exe"

Signatures

Checks installed software on the system
  Tags: discovery

Drops file in Program Files directory

  Description:  File created
  Indicator:    C:\Program Files (x86)\Kudd.com\FacesOfBush.exe
  Process:      C:\Users\Admin\AppData\Local\Temp\c0301aaa278cab9117ddc210b6cb0f58_JaffaCakes118.exe
  Target:       N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery
  Tags: discovery

  Description:  Key opened
  Indicator:    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process:      C:\Users\Admin\AppData\Local\Temp\c0301aaa278cab9117ddc210b6cb0f58_JaffaCakes118.exe
  Target:       N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c0301aaa278cab9117ddc210b6cb0f58_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\c0301aaa278cab9117ddc210b6cb0f58_JaffaCakes118.exe"

Network

Country  Destination         Domain               Proto
US       8.8.8.8:53          www.look2me.com      udp
US       54.161.222.85:80    www.look2me.com      tcp
US       8.8.8.8:53          www.hugedomains.com  udp
US       172.67.70.191:443   www.hugedomains.com  tcp
US       8.8.8.8:53          c.pki.goog           udp
FR       216.58.214.163:80   c.pki.goog           tcp
US       8.8.8.8:53          crl.microsoft.com    udp
GB       92.123.142.59:80    crl.microsoft.com    tcp

Files

C:\Program Files (x86)\Kudd.com\FacesOfBush.exe
  MD5:    2b5e80b981becf773f7812fa6f3c52b4
  SHA1:   6725553e2554308025afec5458906b511002c648
  SHA256: e7afc380a7b538c733c76ae02a9caeaf920f3401734ee674ccab41a9d3b0b51f
  SHA512: c61de9041150a6dd7d6d457fe289e782302812ba7732a338324b4f4eabff160073255a60ff4dd902d169c4572971d14cab9b97bc12c4f4811d3a7fd435458d93

Analysis: behavioral2

Detonation Overview

Submitted: 2024-08-25 06:56
Reported: 2024-08-25 06:58
Platform: win10v2004-20240802-en
Max time kernel: 134s
Max time network: 124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c0301aaa278cab9117ddc210b6cb0f58_JaffaCakes118.exe"

Signatures

Drops file in Program Files directory

  Description:  File created
  Indicator:    C:\Program Files (x86)\Kudd.com\FacesOfBush.exe
  Process:      C:\Users\Admin\AppData\Local\Temp\c0301aaa278cab9117ddc210b6cb0f58_JaffaCakes118.exe
  Target:       N/A

System Location Discovery: System Language Discovery
  Tags: discovery

  Description:  Key opened
  Indicator:    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process:      C:\Users\Admin\AppData\Local\Temp\c0301aaa278cab9117ddc210b6cb0f58_JaffaCakes118.exe
  Target:       N/A

Processes

C:\Users\Admin\AppData\Local\Temp\c0301aaa278cab9117ddc210b6cb0f58_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\c0301aaa278cab9117ddc210b6cb0f58_JaffaCakes118.exe"

Network

Country  Destination         Domain                         Proto
US       8.8.8.8:53          www.look2me.com                udp
US       8.8.8.8:53          209.205.72.20.in-addr.arpa     udp
US       3.140.13.188:80     www.look2me.com                tcp
US       8.8.8.8:53          www.hugedomains.com            udp
US       104.26.6.37:443     www.hugedomains.com            tcp
US       8.8.8.8:53          c.pki.goog                     udp
US       8.8.8.8:53          g.bing.com                     udp
FR       216.58.214.163:80   c.pki.goog                     tcp
US       150.171.28.10:443   g.bing.com                     tcp
US       8.8.8.8:53          188.13.140.3.in-addr.arpa      udp
US       8.8.8.8:53          73.144.22.2.in-addr.arpa       udp
US       8.8.8.8:53          37.6.26.104.in-addr.arpa       udp
US       8.8.8.8:53          163.214.58.216.in-addr.arpa    udp
US       8.8.8.8:53          64.159.190.20.in-addr.arpa     udp
US       8.8.8.8:53          43.58.199.20.in-addr.arpa      udp
US       8.8.8.8:53          217.106.137.52.in-addr.arpa    udp
US       8.8.8.8:53          86.23.85.13.in-addr.arpa       udp
US       8.8.8.8:53          206.23.85.13.in-addr.arpa      udp
US       8.8.8.8:53          147.142.123.92.in-addr.arpa    udp
US       8.8.8.8:53          81.144.22.2.in-addr.arpa       udp
US       8.8.8.8:53          26.35.223.20.in-addr.arpa      udp
US       8.8.8.8:53          22.236.111.52.in-addr.arpa     udp
US       8.8.8.8:53          tse1.mm.bing.net               udp
US       150.171.27.10:443   tse1.mm.bing.net               tcp
US       150.171.27.10:443   tse1.mm.bing.net               tcp
US       150.171.27.10:443   tse1.mm.bing.net               tcp
US       150.171.27.10:443   tse1.mm.bing.net               tcp
US       150.171.27.10:443   tse1.mm.bing.net               tcp
US       8.8.8.8:53          10.27.171.150.in-addr.arpa     udp

Files

N/A