Analysis

  • max time kernel
    94s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-10-2024 01:22

General

  • Target

    083bc391e1bf69d3644fa4c10da12927_JaffaCakes118.exe

  • Size

    150KB

  • MD5

    083bc391e1bf69d3644fa4c10da12927

  • SHA1

    eb9e821898e46b38f3b22d4c4d4c575ac08a9509

  • SHA256

    964b11e6fdb9a5ed9dbed47b9fc7d26af00bce290e7374b15f548aa1d617c6fb

  • SHA512

    c2eefd7eab257fbb9a43b9142384f4a8ecc17abd78f7e004d97db2d3be7c8f151f02c4387c061020e999076e3bf856888a7c859445f92ff04b550b096240800c

  • SSDEEP

    1536:mXKVG8lDlJ5Sk9C5ScSdi3ezP8y1xnLP6Lj/WAvN3EcyEnOs4wwF:rVGCxJ5SkIBez1nOXvXjwF

Score
5/10

Malware Config

Signatures

  • UPX packed file (2 IoCs)

    Detects executables packed with the UPX open-source packer or a modified UPX build.

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the victim's system language in order to infer the geographical location of that host. Language and locale queries are also made by benign software, so on its own this signature is weak evidence of intent.
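
As an added example (not from the report and not the sandbox's own signature code), a pure-Python check for the two classic UPX indicators the signature above refers to: the default section names UPX0/UPX1/UPX2 and the "UPX!" packheader marker. It runs over a constructed minimal PE image built by the helper build_pe, which is illustration only. A modified UPX build can rename its sections and strip the marker, which is why the sandbox signature covers "UPX/modified UPX" and why a negative result here proves nothing.

```python
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}   # default names written by stock UPX
UPX_MARKER = b"UPX!"                            # packheader magic left in the file


def build_pe(names, tail=b""):
    """Construct a minimal PE32 image with the given section names.

    Illustration only (not the sample from this report): the DOS header,
    COFF header and section headers carry just the fields read below;
    every other field is zero. `tail` is appended after the headers so a
    marker string can be placed in the file body.
    """
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    size_of_optional = 0xE0                       # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0,
                       size_of_optional, 0x0102)  # i386, executable image
    optional = bytearray(size_of_optional)
    struct.pack_into("<H", optional, 0, 0x10B)    # PE32 magic
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + bytes(32)
                        for n in names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + sections + tail


def section_names(data):
    """Return the section names of a PE image, or None if it is not one."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0" or len(data) < pe + 24:
        return None
    count = struct.unpack_from("<H", data, pe + 6)[0]             # NumberOfSections
    size_of_optional = struct.unpack_from("<H", data, pe + 20)[0]  # SizeOfOptionalHeader
    table = pe + 24 + size_of_optional                             # first IMAGE_SECTION_HEADER
    names = []
    for i in range(count):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            break                                                  # truncated section table
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data):
    """List the UPX indicators present: 'section:<name>' and 'marker:UPX!'."""
    found = [f"section:{n}" for n in (section_names(data) or [])
             if n in UPX_SECTION_NAMES]
    if UPX_MARKER in data:
        found.append("marker:UPX!")
    return found


if __name__ == "__main__":
    packed = build_pe(["UPX0", "UPX1", ".rsrc"], tail=UPX_MARKER)
    clean = build_pe([".text", ".rdata", ".data"])
    print(upx_indicators(packed))   # ['section:UPX0', 'section:UPX1', 'marker:UPX!']
    print(upx_indicators(clean))    # []
```

To run it against the real sample, pass the file's bytes to upx_indicators; the section table walk is the same for a 348KB in-memory image as for the 150KB file on disk.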

Processes

  • C:\Users\Admin\AppData\Local\Temp\083bc391e1bf69d3644fa4c10da12927_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\083bc391e1bf69d3644fa4c10da12927_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1916

Network

  • [US] DNS  goldcentre.ru  (process: 083bc391e1bf69d3644fa4c10da12927_JaffaCakes118.exe)
    Remote address: 8.8.8.8:53
    Request:  goldcentre.ru IN A
    Response: goldcentre.ru IN A 31.31.205.163
  • [RU] HTTP GET http://goldcentre.ru/get_xml?file_id=31814735&did=357265294&hsig=f93108499f5502c62cd46eac3e39f0630c53b7e639912588a9ef11b5385d9ae5  (process: 083bc391e1bf69d3644fa4c10da12927_JaffaCakes118.exe)
    Remote address: 31.31.205.163:80
    Request:
      GET /get_xml?file_id=31814735&did=357265294&hsig=f93108499f5502c62cd46eac3e39f0630c53b7e639912588a9ef11b5385d9ae5 HTTP/1.1
      Accept: */*
      User-Agent: tiny-dl/nix
      Host: goldcentre.ru
    Response:
      HTTP/1.1 404 Not Found
      Content-Type: text/html
      Content-Length: 1468
      Date: Wed, 02 Oct 2024 01:22:29 GMT
      Server: lighttpd/1.4.45

  The remaining queries all went to 8.8.8.8:53 (US) and carry no process attribution in the report:

  • DNS PTR 13.86.106.20.in-addr.arpa  ->  (response carried no PTR record)
  • DNS PTR 163.205.31.31.in-addr.arpa  ->  ns1 domainparkingintregru  (PTR name as extracted; dot separators lost)
  • DNS PTR 133.32.126.40.in-addr.arpa  ->  (response carried no PTR record)
  • DNS PTR 95.221.229.192.in-addr.arpa  ->  (response carried no PTR record)
  • DNS PTR 58.55.71.13.in-addr.arpa  ->  (response carried no PTR record)
  • DNS PTR 133.211.185.52.in-addr.arpa  ->  (response carried no PTR record)
  • DNS PTR 133.211.185.52.in-addr.arpa  ->  (repeat of the previous query; no response recorded)
  • DNS PTR 197.87.175.4.in-addr.arpa  ->  (response carried no PTR record)
  • DNS PTR 198.187.3.20.in-addr.arpa  ->  (response carried no PTR record)
  • DNS PTR 172.214.232.199.in-addr.arpa  ->  (response carried no PTR record)
  • DNS PTR 240.221.184.93.in-addr.arpa  ->  (response carried no PTR record)
  • DNS PTR 83.210.23.2.in-addr.arpa  ->  a2-23-210-83.deploy.static.akamaitechnologies.com
  • DNS PTR 31.243.111.52.in-addr.arpa  ->  (response carried no PTR record)
  • 31.31.205.163:80
    http://goldcentre.ru/get_xml?file_id=31814735&did=357265294&hsig=f93108499f5502c62cd46eac3e39f0630c53b7e639912588a9ef11b5385d9ae5
    http
    083bc391e1bf69d3644fa4c10da12927_JaffaCakes118.exe
    513 B
    1.8kB
    7
    5

    HTTP Request

    GET http://goldcentre.ru/get_xml?file_id=31814735&did=357265294&hsig=f93108499f5502c62cd46eac3e39f0630c53b7e639912588a9ef11b5385d9ae5

    HTTP Response

    404
  • 8.8.8.8:53
    goldcentre.ru
    dns
    083bc391e1bf69d3644fa4c10da12927_JaffaCakes118.exe
    59 B
    75 B
    1
    1

    DNS Request

    goldcentre.ru

    DNS Response

    31.31.205.163

  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    163.205.31.31.in-addr.arpa
    dns
    72 B
    114 B
    1
    1

    DNS Request

    163.205.31.31.in-addr.arpa

  • 8.8.8.8:53
    133.32.126.40.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    133.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    133.211.185.52.in-addr.arpa
    dns
    146 B
    147 B
    2
    1

    DNS Request

    133.211.185.52.in-addr.arpa

    DNS Request

    133.211.185.52.in-addr.arpa

  • 8.8.8.8:53
    197.87.175.4.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    197.87.175.4.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    83.210.23.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    83.210.23.2.in-addr.arpa

  • 8.8.8.8:53
    31.243.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    31.243.111.52.in-addr.arpa

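As an added detection example, not part of the report, the check below scans proxy log lines for the request pattern recorded above: it flags a line when the User-Agent is tiny-dl/nix or when the path is /get_xml with file_id, did and hsig parameters and hsig has the 64-hex-character shape seen in the sandbox. The log format and every line in SAMPLE_LOG are constructed for the example (the first line reproduces the sandbox request). The report does not say what file_id, did or hsig encode, so the extractor only records them for pivoting. The HTTP status is deliberately not a filter: the request is the beacon, and a 404, as in the sandbox, does not clear the host.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed proxy log (not from the report). Format per line:
#   <timestamp> <client-ip> <method> <url> "<user-agent>" <status>
# Line 1 reproduces the request the sandbox recorded; lines 2-4 are a
# benign browser request, the same User-Agent to a different host, and a
# /get_xml path that lacks the did/hsig parameters.
SAMPLE_LOG = """\
2024-10-02T01:22:29Z 10.0.0.5 GET http://goldcentre.ru/get_xml?file_id=31814735&did=357265294&hsig=f93108499f5502c62cd46eac3e39f0630c53b7e639912588a9ef11b5385d9ae5 "tiny-dl/nix" 404
2024-10-02T01:22:30Z 10.0.0.5 GET http://www.example.com/index.html "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" 200
2024-10-02T01:23:01Z 10.0.0.7 GET http://cdn.example.net/update.bin "tiny-dl/nix" 200
2024-10-02T01:23:05Z 10.0.0.9 GET http://www.example.org/get_xml?file_id=1 "curl/8.0.1" 200
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)" (\d{3})$')
KNOWN_UA = "tiny-dl/nix"                    # User-Agent seen in the sandbox
BEACON_PATH = "/get_xml"
BEACON_PARAMS = {"file_id", "did", "hsig"}  # query keys seen in the sandbox
HEX64_RE = re.compile(r"^[0-9a-f]{64}$")    # shape of the observed hsig value


def classify(line):
    """Return a hit record for a matching log line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None                         # unparseable line: skip, do not crash
    ts, client, method, url, ua, status = m.groups()
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    reasons = []
    if ua == KNOWN_UA:
        reasons.append("ua")
    if (parts.path == BEACON_PATH and BEACON_PARAMS.issubset(params)
            and HEX64_RE.match(params["hsig"])):
        reasons.append("get_xml")
    if not reasons:
        return None
    return {"ts": ts, "client": client, "method": method, "host": parts.hostname,
            "status": int(status), "params": params, "reasons": reasons}


def find_downloader_beacons(log_text):
    """Scan a whole log and return the hits in log order."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for hit in find_downloader_beacons(SAMPLE_LOG):
        print(hit["client"], hit["host"], hit["status"], hit["reasons"], hit["params"])
```

The two match conditions are kept separate and reported in "reasons" so a User-Agent-only hit (a different host with the same downloader string) can be triaged with less confidence than a line that also carries the full /get_xml parameter set.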
MITRE ATT&CK Enterprise v15


Downloads

  • memory/1916-0-0x0000000000400000-0x0000000000457000-memory.dmp  (348KB)
  • memory/1916-1-0x0000000010000000-0x000000001000E000-memory.dmp  (56KB)
  • memory/1916-5-0x0000000000400000-0x0000000000457000-memory.dmp  (348KB)

  The 0x400000-0x457000 region is the sample's own image in PID 1916. It is 348KB in memory against 150KB on disk, which is what a UPX-packed executable looks like once it has unpacked itself, so the later of the two dumps of that region is the one to carve for the unpacked code. The 56KB region at 0x10000000 is a separate mapping and is dumped once.
