Analysis
-
max time kernel
94s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
02-10-2024 01:22
Behavioral task
behavioral1
Sample
083bc391e1bf69d3644fa4c10da12927_JaffaCakes118.exe
Resource
win7-20240903-en
windows7-x64
2 signatures
150 seconds
General
-
Target
083bc391e1bf69d3644fa4c10da12927_JaffaCakes118.exe
-
Size
150KB
-
MD5
083bc391e1bf69d3644fa4c10da12927
-
SHA1
eb9e821898e46b38f3b22d4c4d4c575ac08a9509
-
SHA256
964b11e6fdb9a5ed9dbed47b9fc7d26af00bce290e7374b15f548aa1d617c6fb
-
SHA512
c2eefd7eab257fbb9a43b9142384f4a8ecc17abd78f7e004d97db2d3be7c8f151f02c4387c061020e999076e3bf856888a7c859445f92ff04b550b096240800c
-
SSDEEP
1536:mXKVG8lDlJ5Sk9C5ScSdi3ezP8y1xnLP6Lj/WAvN3EcyEnOs4wwF:rVGCxJ5SkIBez1nOXvXjwF
Malware Config
Signatures
-
resource yara_rule behavioral2/memory/1916-0-0x0000000000400000-0x0000000000457000-memory.dmp upx behavioral2/memory/1916-5-0x0000000000400000-0x0000000000457000-memory.dmp upx -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 083bc391e1bf69d3644fa4c10da12927_JaffaCakes118.exe
Processes
Network
-
Remote address:8.8.8.8:53Requestgoldcentre.ruIN AResponsegoldcentre.ruIN A31.31.205.163
-
GEThttp://goldcentre.ru/get_xml?file_id=31814735&did=357265294&hsig=f93108499f5502c62cd46eac3e39f0630c53b7e639912588a9ef11b5385d9ae5083bc391e1bf69d3644fa4c10da12927_JaffaCakes118.exeRemote address:31.31.205.163:80RequestGET /get_xml?file_id=31814735&did=357265294&hsig=f93108499f5502c62cd46eac3e39f0630c53b7e639912588a9ef11b5385d9ae5 HTTP/1.1
Accept: */*
User-Agent: tiny-dl/nix
Host: goldcentre.ru
ResponseHTTP/1.1 404 Not Found
Content-Length: 1468
Date: Wed, 02 Oct 2024 01:22:29 GMT
Server: lighttpd/1.4.45
-
Remote address:8.8.8.8:53Request13.86.106.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request163.205.31.31.in-addr.arpaIN PTRResponse163.205.31.31.in-addr.arpaIN PTRns1 domainparkingintregru
-
Remote address:8.8.8.8:53Request133.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request58.55.71.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request133.211.185.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request133.211.185.52.in-addr.arpaIN PTR
-
Remote address:8.8.8.8:53Request197.87.175.4.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request172.214.232.199.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request240.221.184.93.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request83.210.23.2.in-addr.arpaIN PTRResponse83.210.23.2.in-addr.arpaIN PTRa2-23-210-83deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request31.243.111.52.in-addr.arpaIN PTRResponse
-
31.31.205.163:80http://goldcentre.ru/get_xml?file_id=31814735&did=357265294&hsig=f93108499f5502c62cd46eac3e39f0630c53b7e639912588a9ef11b5385d9ae5http083bc391e1bf69d3644fa4c10da12927_JaffaCakes118.exe513 B 1.8kB 7 5
HTTP Request
GET http://goldcentre.ru/get_xml?file_id=31814735&did=357265294&hsig=f93108499f5502c62cd46eac3e39f0630c53b7e639912588a9ef11b5385d9ae5HTTP Response
404
-
59 B 75 B 1 1
DNS Request
goldcentre.ru
DNS Response
31.31.205.163
-
71 B 157 B 1 1
DNS Request
13.86.106.20.in-addr.arpa
-
72 B 114 B 1 1
DNS Request
163.205.31.31.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
133.32.126.40.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
58.55.71.13.in-addr.arpa
-
146 B 147 B 2 1
DNS Request
133.211.185.52.in-addr.arpa
DNS Request
133.211.185.52.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
197.87.175.4.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
198.187.3.20.in-addr.arpa
-
74 B 128 B 1 1
DNS Request
172.214.232.199.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
240.221.184.93.in-addr.arpa
-
70 B 133 B 1 1
DNS Request
83.210.23.2.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
31.243.111.52.in-addr.arpa