Analysis

  • max time kernel
    94s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-09-2024 06:45

General

  • Target

    eac8ed3aa0ec11fb6838ba53d586672c_JaffaCakes118.exe

  • Size

    265KB

  • MD5

    eac8ed3aa0ec11fb6838ba53d586672c

  • SHA1

    11a9c41a87eecd80a7a63944c5274908fdc8c649

  • SHA256

    88e4a73e2ab273b64e83336979862535c4489263fae0d76497d0a89031e9631f

  • SHA512

    2b75bb6c2019a80abb2aacdecf94c847bc20bb068602486bb8076b25d368f14a19eed72d4376dabfff4bc3c8c20ab836d90826a44bea90fb85b5b0166a0383d7

  • SSDEEP

    6144:SgLw1dILPAX8ln6aB4WP3E29V8S4Dhg0fn2J6Z2SLqF/6x6Xw6xYwXgIkE556gjB:/w1dILPAX8ln6aB4WP3E29V8S4Dhg0f6

Score
7/10

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\eac8ed3aa0ec11fb6838ba53d586672c_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\eac8ed3aa0ec11fb6838ba53d586672c_JaffaCakes118.exe"
    Tree depth: 1
    • System Location Discovery: System Language Discovery
    PID: 4708

Network

  • DNS (remote address 8.8.8.8:53)
    Request: 13.86.106.20.in-addr.arpa IN PTR
    Response: none shown
  • DNS (remote address 8.8.8.8:53)
    Request: 95.221.229.192.in-addr.arpa IN PTR
    Response: none shown
  • DNS (remote address 8.8.8.8:53)
    Request: 50.23.12.20.in-addr.arpa IN PTR
    Response: none shown
  • DNS (remote address 8.8.8.8:53)
    Request: 18.31.95.13.in-addr.arpa IN PTR
    Response: none shown
  • DNS (remote address 8.8.8.8:53)
    Request: 19.229.111.52.in-addr.arpa IN PTR
    Response: none shown
  • DNS (remote address 8.8.8.8:53)
    Request: 19.229.111.52.in-addr.arpa IN PTR
    Response: none shown
  Connections (remote address, domain, protocol, bytes sent, bytes received, packets sent, packets received):

  8.8.8.8:53  13.86.106.20.in-addr.arpa     dns   71 B   157 B  1  1
    DNS Request: 13.86.106.20.in-addr.arpa
  8.8.8.8:53  95.221.229.192.in-addr.arpa   dns   73 B   144 B  1  1
    DNS Request: 95.221.229.192.in-addr.arpa
  8.8.8.8:53  50.23.12.20.in-addr.arpa      dns   70 B   156 B  1  1
    DNS Request: 50.23.12.20.in-addr.arpa
  8.8.8.8:53  18.31.95.13.in-addr.arpa      dns   70 B   144 B  1  1
    DNS Request: 18.31.95.13.in-addr.arpa
  8.8.8.8:53  19.229.111.52.in-addr.arpa    dns  144 B   158 B  2  1
    DNS Request: 19.229.111.52.in-addr.arpa
    DNS Request: 19.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4708-0-0x0000000000400000-0x0000000000462000-memory.dmp

    Filesize

    392KB

  • memory/4708-1-0x0000000000400000-0x0000000000462000-memory.dmp

    Filesize

    392KB