Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/10/2024, 00:25 UTC

General

  • Target

    27aedc6af680882c9cd1b0ade0e87bdd_JaffaCakes118.exe

  • Size

    398KB

  • MD5

    27aedc6af680882c9cd1b0ade0e87bdd

  • SHA1

    55dd5cbe8e54d90a8de551af7f1d45483e78f963

  • SHA256

    a15db3e9f111fe92fe03929d9901c6ecdd9e580ad1bd840b35b190d9f8d17b70

  • SHA512

    b8bc5a213b3649ae7680c6ef6607f57adb35ff6d48510533104ef11bf644572ef5205e104d3d21629e34bd2bbda4536d5d9f2c3bdb8b38ec2e5fdd629d795035

  • SSDEEP

    12288:SQt3YaXVedjuVIUhYXecsbgeasf3SdMK8LtlIxUHvM1v:5Iy7VICYXecsEYfaMK8LbIeH6v

Score
5/10

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
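
The "UPX packed file" signature above is a static check on the PE image. As an added example, not code from this report or from the sandbox that produced it, the following Python parses the PE section table of a constructed, non-executable sample image and applies two checks: the UPX0/UPX1 section names, and the layout that a renamed (modified) UPX build still leaves behind, an empty first section on disk followed by a high-entropy compressed section. The sample images, the section names used in the "renamed" case and the 7.0 bits-per-byte entropy threshold are assumptions made for the demonstration.

```python
import hashlib
import math
import struct

# Section names written by stock UPX. A modified UPX can rename them, so the
# layout and entropy checks below are applied as well.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}
ENTROPY_THRESHOLD = 7.0  # assumed cut-off; compressed/encrypted data sits near 8.0


def shannon_entropy(data):
    """Bits of entropy per byte of data."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_opt  # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, off + 8)
        sections.append({"name": name, "vsize": vsize, "rsize": rsize, "rptr": rptr})
    return sections


def upx_indicators(pe):
    sections = parse_sections(pe)
    named = any(s["name"] in UPX_SECTION_NAMES for s in sections)
    # Classic UPX layout: the first section is the unpack destination and has
    # no raw data on disk; the next one carries the compressed payload.
    empty_first = bool(sections) and sections[0]["rsize"] == 0 and sections[0]["vsize"] > 0
    high_entropy = [
        s["name"].decode(errors="replace") for s in sections
        if s["rsize"] and shannon_entropy(pe[s["rptr"]:s["rptr"] + s["rsize"]]) > ENTROPY_THRESHOLD
    ]
    return {
        "upx_section_names": named,
        "empty_first_section": empty_first,
        "high_entropy_sections": high_entropy,
        "likely_upx": named or (empty_first and bool(high_entropy)),
    }


def build_sample_pe(section_specs):
    """Constructed, non-executable PE image carrying only the headers this check reads."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, 0, 0x102)
    raw_ptr = 0x40 + 4 + 20 + 40 * len(section_specs)  # raw data starts after the headers
    headers, blobs = b"", b""
    for name, data in section_specs:
        headers += name.ljust(8, b"\0") + struct.pack(
            "<IIII", max(len(data), 0x1000), 0x1000, len(data), raw_ptr if data else 0) + b"\0" * 16
        raw_ptr += len(data)
        blobs += data
    return dos + b"PE\0\0" + coff + headers + blobs


# Deterministic pseudo-random bytes standing in for a compressed payload (constructed).
COMPRESSED_LIKE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))

PACKED = build_sample_pe([(b"UPX0", b""), (b"UPX1", COMPRESSED_LIKE), (b".rsrc", b"\0" * 512)])
RENAMED = build_sample_pe([(b".code", b""), (b".pack", COMPRESSED_LIKE), (b".rsrc", b"\0" * 512)])
PLAIN = build_sample_pe([(b".text", b"\x90" * 2048), (b".data", b"A" * 512)])

if __name__ == "__main__":
    for label, img in (("packed", PACKED), ("renamed", RENAMED), ("plain", PLAIN)):
        print(label, upx_indicators(img))
```

The name check alone is what most "UPX packed" signatures amount to; the RENAMED image shows why the layout and entropy checks are worth keeping alongside it, and the PLAIN image shows they do not fire on an uncompressed section layout.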

Processes

  • C:\Users\Admin\AppData\Local\Temp\27aedc6af680882c9cd1b0ade0e87bdd_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\27aedc6af680882c9cd1b0ade0e87bdd_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:4504

Network

  • DNS (US): locator.realtimegaming.com
    Process: 27aedc6af680882c9cd1b0ade0e87bdd_JaffaCakes118.exe
    Remote address: 8.8.8.8:53
    Request: locator.realtimegaming.com IN A
    Response: locator.realtimegaming.com IN A 34.80.133.226
  • DNS (US): 8.8.8.8.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 8.8.8.8.in-addr.arpa IN PTR
    Response: 8.8.8.8.in-addr.arpa IN PTR dns.google
  • DNS (US): 14.160.190.20.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 14.160.190.20.in-addr.arpa IN PTR
    Response: none
  • DNS (US): 83.210.23.2.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 83.210.23.2.in-addr.arpa IN PTR
    Response: 83.210.23.2.in-addr.arpa IN PTR a2-23-210-83.deploy.static.akamaitechnologies.com
  • DNS (US): casinohelp.realtimegaming.com
    Process: 27aedc6af680882c9cd1b0ade0e87bdd_JaffaCakes118.exe
    Remote address: 8.8.8.8:53
    Request: casinohelp.realtimegaming.com IN A
    Response: none
  • DNS (US): casinohelp.realtimegaming.com
    Process: 27aedc6af680882c9cd1b0ade0e87bdd_JaffaCakes118.exe
    Remote address: 8.8.8.8:53
    Request: casinohelp.realtimegaming.com IN A
    Response: none
  • DNS (US): 212.20.149.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 212.20.149.52.in-addr.arpa IN PTR
    Response: none
  • DNS (US): 18.31.95.13.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 18.31.95.13.in-addr.arpa IN PTR
    Response: none
  • DNS (US): 98.117.19.2.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 98.117.19.2.in-addr.arpa IN PTR
    Response: 98.117.19.2.in-addr.arpa IN PTR a2-19-117-98.deploy.static.akamaitechnologies.com
  • DNS (US): 172.214.232.199.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 172.214.232.199.in-addr.arpa IN PTR
    Response: none
  • DNS (US): 13.227.111.52.in-addr.arpa
    Remote address: 8.8.8.8:53
    Request: 13.227.111.52.in-addr.arpa IN PTR
    Response: none
  • 34.80.133.226:20000
    locator.realtimegaming.com
    27aedc6af680882c9cd1b0ade0e87bdd_JaffaCakes118.exe
    208 B
    4
  • 34.80.133.226:20000
    locator.realtimegaming.com
    27aedc6af680882c9cd1b0ade0e87bdd_JaffaCakes118.exe
    104 B
    2
  • 34.80.133.226:20000
    locator.realtimegaming.com
    27aedc6af680882c9cd1b0ade0e87bdd_JaffaCakes118.exe
    208 B
    4
  • 51.105.71.137:443
  • 8.8.8.8:53
    locator.realtimegaming.com
    dns
    27aedc6af680882c9cd1b0ade0e87bdd_JaffaCakes118.exe
    72 B
    88 B
    1
    1

    DNS Request

    locator.realtimegaming.com

    DNS Response

    34.80.133.226

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    14.160.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    14.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    83.210.23.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    83.210.23.2.in-addr.arpa

  • 8.8.8.8:53
    casinohelp.realtimegaming.com
    dns
    27aedc6af680882c9cd1b0ade0e87bdd_JaffaCakes118.exe
    75 B
    134 B
    1
    1

    DNS Request

    casinohelp.realtimegaming.com

  • 8.8.8.8:53
    casinohelp.realtimegaming.com
    dns
    27aedc6af680882c9cd1b0ade0e87bdd_JaffaCakes118.exe
    75 B
    134 B
    1
    1

    DNS Request

    casinohelp.realtimegaming.com

  • 8.8.8.8:53
    212.20.149.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    212.20.149.52.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    98.117.19.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    98.117.19.2.in-addr.arpa

  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    13.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

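The pattern in this section is the sample resolving locator.realtimegaming.com, then contacting the returned address three times on port 20000 with only outbound bytes recorded, alongside A queries for casinohelp.realtimegaming.com that return nothing. As an added example, not part of this report or of the sandbox's own logic, the following Python correlator runs over constructed log lines modelled on the entries above (the line format, timestamps, the pid 1234 decoy process and the example.net lookup are invented for the demonstration; the domains, addresses, port and byte counts come from the report). It pairs each outbound connection with the DNS answer that produced its destination, flags connections to ports outside an allow-list, aggregates repeated attempts per destination, and lists A queries that returned no address.

```python
# Constructed log lines modelled on the report's DNS and connection entries.
# Format: "<ts> <dns|conn> key=value ...". Invented for this example.
SAMPLE_LOG = """\
2024-10-09T00:25:10Z dns  pid=4504 q=locator.realtimegaming.com type=A answer=34.80.133.226
2024-10-09T00:25:10Z dns  pid=4504 q=8.8.8.8.in-addr.arpa type=PTR answer=dns.google
2024-10-09T00:25:11Z conn pid=4504 dst=34.80.133.226 dport=20000 sent=208 pkts=4
2024-10-09T00:25:12Z dns  pid=4504 q=casinohelp.realtimegaming.com type=A answer=-
2024-10-09T00:25:13Z conn pid=4504 dst=34.80.133.226 dport=20000 sent=104 pkts=2
2024-10-09T00:25:14Z dns  pid=1234 q=example.net type=A answer=93.184.216.34
2024-10-09T00:25:14Z conn pid=1234 dst=93.184.216.34 dport=443 sent=517 pkts=3
2024-10-09T00:25:15Z conn pid=4504 dst=51.105.71.137 dport=443 sent=0 pkts=1
"""

# Assumed allow-list: ports a client process is expected to talk to directly.
ALLOWED_PORTS = frozenset({80, 443})


def parse_line(line):
    """Split one log line into (timestamp, kind, {key: value})."""
    parts = line.split()
    fields = dict(p.split("=", 1) for p in parts[2:])
    return parts[0], parts[1], fields


def correlate(log_text, allowed_ports=ALLOWED_PORTS):
    """Attribute each connection to the DNS answer that produced its destination
    and flag those going to a port outside allowed_ports."""
    resolved = {}    # (pid, ip) -> domain the process resolved to that ip
    unresolved = []  # (pid, qname) for A queries that returned no address
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, kind, f = parse_line(line)
        pid = int(f["pid"])
        if kind == "dns" and f["type"] == "A":
            if f["answer"] == "-":
                unresolved.append((pid, f["q"]))
            else:
                resolved[(pid, f["answer"])] = f["q"]
        elif kind == "conn":
            dport = int(f["dport"])
            if dport in allowed_ports:
                continue  # direct web traffic is noise for this rule
            # domain is None when the process connected to a bare IP with no
            # preceding lookup, which is itself worth surfacing in the alert.
            alerts.append({
                "ts": ts, "pid": pid, "dst": f["dst"], "dport": dport,
                "domain": resolved.get((pid, f["dst"])), "sent": int(f["sent"]),
            })
    return {"alerts": alerts, "unresolved": unresolved}


def beacon_summary(alerts):
    """Collapse repeated attempts to the same destination, as in the report's
    three connections to 34.80.133.226:20000."""
    summary = {}
    for a in alerts:
        key = (a["dst"], a["dport"])
        entry = summary.setdefault(key, {"attempts": 0, "bytes": 0, "domain": a["domain"], "pids": set()})
        entry["attempts"] += 1
        entry["bytes"] += a["sent"]
        entry["pids"].add(a["pid"])
    return summary


if __name__ == "__main__":
    result = correlate(SAMPLE_LOG)
    for (dst, dport), info in beacon_summary(result["alerts"]).items():
        print(f"{dst}:{dport} via {info['domain']} attempts={info['attempts']} bytes={info['bytes']}")
    for pid, qname in result["unresolved"]:
        print(f"pid {pid} got no A record for {qname}")
```

The allow-list is deliberately narrow: in a fleet where 20000/tcp is legitimate for some application, the port would be added per host rather than the rule loosened, because the lookup-then-connect pairing is what ties the traffic back to the process and the domain.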
MITRE ATT&CK Enterprise v15


Downloads

  • memory/4504-0-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB

  • memory/4504-1-0x0000000000400000-0x0000000000552000-memory.dmp

    Filesize

    1.3MB
