Analysis

  • max time kernel
    121s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/10/2024, 09:25 UTC

General

  • Target

    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe

  • Size

    556KB

  • MD5

    171be7aef2096296d63bfc961f5ec5d3

  • SHA1

    48643535ce7e4d762d3e0bdb7e28ecc12f4fcf4e

  • SHA256

    ac9fcd17a86e8b3bfa031ddd3fea5e3c07d21146347924f6f55c2433c1194642

  • SHA512

    f0757e8f6dcb79dde5375d3d6ef7a884601ee07f5aa0d3049905935efb4fe9285dd55a511bd565c9a8a63285e925de151099fe72ba05a71bdc7c1174c5cfdde4

  • SSDEEP

    12288:R7O3sqPO5kw14/18361HSRUl1ptOyCvIlaG9FnV6I3SNgB:Z2ssOSwDq1HSRUXLDlBV6kSy

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    PID:3028

Network

  • flag-us
    DNS
    microsoft.com
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    microsoft.com
    IN A
    Response
    microsoft.com
    IN A
    20.76.201.171
    microsoft.com
    IN A
    20.236.44.162
    microsoft.com
    IN A
    20.112.250.133
    microsoft.com
    IN A
    20.231.239.246
    microsoft.com
    IN A
    20.70.246.20
  • flag-us
    DNS
    newtimedescriptor.com
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    newtimedescriptor.com
    IN A
    Response
  • flag-us
    DNS
    radiovaweonearch.com
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    radiovaweonearch.com
    IN A
    Response
  • flag-us
    DNS
    kinstelertiong.com
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    kinstelertiong.com
    IN A
    Response
  • flag-us
    DNS
    fwnaopz.biz
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    fwnaopz.biz
    IN A
    Response
  • flag-us
    DNS
    ilfrgbqcr.com
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    ilfrgbqcr.com
    IN A
    Response
  • flag-us
    DNS
    dxzqgzr.info
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    dxzqgzr.info
    IN A
    Response
  • flag-us
    DNS
    ggtlznwnu.biz
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    ggtlznwnu.biz
    IN A
    Response
  • flag-us
    DNS
    jbkfrto.net
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    jbkfrto.net
    IN A
    Response
  • flag-us
    DNS
    blvapvm.info
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    blvapvm.info
    IN A
    Response
  • flag-us
    DNS
    hrbbuoqyjv.org
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    Remote address:
    8.8.8.8:53
    Request
    hrbbuoqyjv.org
    IN A
    Response
    hrbbuoqyjv.org
    IN A
    216.218.185.162
  • flag-us
    POST
    http://hrbbuoqyjv.org/vWL6pC?sMKrIOTbylHyab=qIsJbfhwArXYmuWKj&CRpfCKGmHyE=MiRDRLqmCnRlvkb
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    Remote address:
    216.218.185.162:80
    Request
    POST /vWL6pC?sMKrIOTbylHyab=qIsJbfhwArXYmuWKj&CRpfCKGmHyE=MiRDRLqmCnRlvkb HTTP/1.1
    Host: hrbbuoqyjv.org
    Content-Length: 65
    Accept-Encoding: deflate
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
    Pragma: no-cache
    Cache-Control: no-cache
    Connection: close
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.21.6
    Date: Sat, 05 Oct 2024 09:25:58 GMT
    Content-Type: application/octet-stream
    Transfer-Encoding: chunked
    Connection: close
  • 216.218.185.162:80
    http://hrbbuoqyjv.org/vWL6pC?sMKrIOTbylHyab=qIsJbfhwArXYmuWKj&CRpfCKGmHyE=MiRDRLqmCnRlvkb
    http
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    1.6kB
    1.1kB
    22
    21

    HTTP Request

    POST http://hrbbuoqyjv.org/vWL6pC?sMKrIOTbylHyab=qIsJbfhwArXYmuWKj&CRpfCKGmHyE=MiRDRLqmCnRlvkb

    HTTP Response

    200
  • 8.8.8.8:53
    microsoft.com
    dns
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    59 B
    139 B
    1
    1

    DNS Request

    microsoft.com

    DNS Response

    20.76.201.171
    20.236.44.162
    20.112.250.133
    20.231.239.246
    20.70.246.20

  • 8.8.8.8:53
    newtimedescriptor.com
    dns
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    67 B
    140 B
    1
    1

    DNS Request

    newtimedescriptor.com

  • 8.8.8.8:53
    radiovaweonearch.com
    dns
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    66 B
    139 B
    1
    1

    DNS Request

    radiovaweonearch.com

  • 8.8.8.8:53
    kinstelertiong.com
    dns
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    64 B
    137 B
    1
    1

    DNS Request

    kinstelertiong.com

  • 8.8.8.8:53
    fwnaopz.biz
    dns
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    57 B
    119 B
    1
    1

    DNS Request

    fwnaopz.biz

  • 8.8.8.8:53
    ilfrgbqcr.com
    dns
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    59 B
    132 B
    1
    1

    DNS Request

    ilfrgbqcr.com

  • 8.8.8.8:53
    dxzqgzr.info
    dns
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    58 B
    137 B
    1
    1

    DNS Request

    dxzqgzr.info

  • 8.8.8.8:53
    ggtlznwnu.biz
    dns
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    59 B
    121 B
    1
    1

    DNS Request

    ggtlznwnu.biz

  • 8.8.8.8:53
    jbkfrto.net
    dns
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    57 B
    130 B
    1
    1

    DNS Request

    jbkfrto.net

  • 8.8.8.8:53
    blvapvm.info
    dns
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    58 B
    137 B
    1
    1

    DNS Request

    blvapvm.info

  • 8.8.8.8:53
    hrbbuoqyjv.org
    dns
    171be7aef2096296d63bfc961f5ec5d3_JaffaCakes118.exe
    60 B
    76 B
    1
    1

    DNS Request

    hrbbuoqyjv.org

    DNS Response

    216.218.185.162

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3028-2-0x0000000000400000-0x0000000000492000-memory.dmp

    Filesize

    584KB

  • memory/3028-1-0x0000000000479000-0x0000000000487000-memory.dmp

    Filesize

    56KB

  • memory/3028-0-0x0000000000260000-0x000000000026E000-memory.dmp

    Filesize

    56KB

  • memory/3028-3-0x0000000000400000-0x0000000000492000-memory.dmp

    Filesize

    584KB

  • memory/3028-5-0x0000000000400000-0x0000000000492000-memory.dmp

    Filesize

    584KB

  • memory/3028-4-0x0000000000479000-0x0000000000487000-memory.dmp

    Filesize

    56KB

  • memory/3028-6-0x0000000000400000-0x0000000000492000-memory.dmp

    Filesize

    584KB
