Analysis Overview
SHA256
0ba7cf2c0e200b454c58462089e1a3e8beefa2b4dde533c3d3980673b0d35e7d
Threat Level: Shows suspicious behavior
The file c0301aaa278cab9117ddc210b6cb0f58_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks installed software on the system
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 06:56
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 06:56
Reported
2024-08-25 06:58
Platform
win7-20240708-en
Max time kernel
122s
Max time network
123s
Command Line
Signatures
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Kudd.com\FacesOfBush.exe | C:\Users\Admin\AppData\Local\Temp\c0301aaa278cab9117ddc210b6cb0f58_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\c0301aaa278cab9117ddc210b6cb0f58_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\c0301aaa278cab9117ddc210b6cb0f58_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c0301aaa278cab9117ddc210b6cb0f58_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.look2me.com | udp |
| US | 54.161.222.85:80 | www.look2me.com | tcp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 172.67.70.191:443 | www.hugedomains.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 92.123.142.59:80 | crl.microsoft.com | tcp |
Files
C:\Program Files (x86)\Kudd.com\FacesOfBush.exe
| MD5 | 2b5e80b981becf773f7812fa6f3c52b4 |
| SHA1 | 6725553e2554308025afec5458906b511002c648 |
| SHA256 | e7afc380a7b538c733c76ae02a9caeaf920f3401734ee674ccab41a9d3b0b51f |
| SHA512 | c61de9041150a6dd7d6d457fe289e782302812ba7732a338324b4f4eabff160073255a60ff4dd902d169c4572971d14cab9b97bc12c4f4811d3a7fd435458d93 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 06:56
Reported
2024-08-25 06:58
Platform
win10v2004-20240802-en
Max time kernel
134s
Max time network
124s
Command Line
Signatures
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Kudd.com\FacesOfBush.exe | C:\Users\Admin\AppData\Local\Temp\c0301aaa278cab9117ddc210b6cb0f58_JaffaCakes118.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\c0301aaa278cab9117ddc210b6cb0f58_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\c0301aaa278cab9117ddc210b6cb0f58_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c0301aaa278cab9117ddc210b6cb0f58_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.look2me.com | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 3.140.13.188:80 | www.look2me.com | tcp |
| US | 8.8.8.8:53 | www.hugedomains.com | udp |
| US | 104.26.6.37:443 | www.hugedomains.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 188.13.140.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.6.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |