Malware Analysis Report

2025-08-05 10:56

Sample ID 241005-e4yxyszdjf
Target 162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118
SHA256 c84b8140e58cb9a18e18756bf5f08b1d7be318d2abb9db005ede3aca89b913fb
Tags
upx ramnit banker discovery spyware stealer trojan worm
score
10/10

Analysis Overview

score
10/10

SHA256

c84b8140e58cb9a18e18756bf5f08b1d7be318d2abb9db005ede3aca89b913fb

Threat Level: Known bad

The file 162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

upx ramnit banker discovery spyware stealer trojan worm

Ramnit

Loads dropped DLL

Drops file in System32 directory

UPX packed file

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported

2024-10-05 04:30

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-05 04:30

Reported

2024-10-05 04:32

Platform

win7-20240729-en

Max time kernel

121s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe"

Signatures

Ramnit

trojan spyware stealer worm banker ramnit

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8850CB11-82D2-11EF-8BEB-4E219E925542} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434264489" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8852C6E1-82D2-11EF-8BEB-4E219E925542} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2064 wrote to memory of 2096 N/A C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2064 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2096 wrote to memory of 2900 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2132 wrote to memory of 2204 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.bing.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-10-05 04:30

Reported

2024-10-05 04:32

Platform

win10v2004-20240802-en

Max time kernel

94s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\o~305140.dl_ C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe N/A
File created C:\Windows\SysWOW64\o~305140.dll C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\162a018fb1079e2c8ecaa0ee3766c879_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

memory/2232-0-0x0000000000400000-0x0000000000462000-memory.dmp

C:\Windows\SysWOW64\o~305140.dll

MD5 379d7c0b2dc783571e4b008108f115a5
SHA1 1491d9607cc368bd7b2e081c7ab8597deb541821
SHA256 a9e77e5865e5c4aad84fb4c77801bf56b2e2a6a94ad256bd079deac24aeaa96c
SHA512 ae80450a8d0720b14295329c983b38beb39ccd4d10cc2296189b9ef1897b2f298f06ea2a0deeba1c43b2500449160433ae419e1a21f87c3493b1bbac91dd4e2c

memory/2232-5-0x0000000010000000-0x0000000010015000-memory.dmp

memory/2232-7-0x0000000000400000-0x0000000000462000-memory.dmp