Analysis Overview
SHA256
c54d6d49c22db7490618e514f34da49943d19022c5d3b6ad61d72d65c776375d
Threat Level: Shows suspicious behavior
The file 8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Checks whether UAC is enabled
UPX packed file
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Unsigned PE
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-04 01:09
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-04 01:09
Reported
2024-11-04 03:21
Platform
win7-20240903-en
Max time kernel
140s
Max time network
152s
Command Line
Signatures
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50458b8e682edb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A0DE85F1-9A5B-11EF-BA28-E699F793024F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436852248" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f0000000002000000000010660000000100002000000058ef13dc3c4d0032f81b680e28548f16e49163799648fc6966d98489f642e79c000000000e8000000002000020000000741d684e20d31790f276a725ecd37f0b9d708c80cf7085939849334ba1ab8f0620000000b7844185e2c7739c6e12afe99dc9721b7818b194edc440704a17ceeccf53626f400000001f15a64473a1651a96ae707699f2a1e26ce077ddfabd3eff9c04737554c93c8c2ca85f5af4ddbc202964dc75dad6a6fc9887703af53a841c80c7aebc08e82014 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=527
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2636 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.gamecentersolution.com | udp |
| US | 184.72.55.36:80 | www.gamecentersolution.com | tcp |
| US | 8.8.8.8:53 | www.fenomen-games.com | udp |
| US | 159.65.253.100:80 | www.fenomen-games.com | tcp |
| US | 8.8.8.8:53 | www.gamecentersolution.com | udp |
| US | 8.8.8.8:53 | www.gamecentersolution.com | udp |
| US | 184.72.55.36:80 | www.gamecentersolution.com | tcp |
| US | 184.72.55.36:80 | www.gamecentersolution.com | tcp |
| US | 184.72.55.36:80 | www.gamecentersolution.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/2532-1-0x0000000000400000-0x000000000058B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FG.url
| MD5 | 0fcf82b5a915470e8a79d3516f582a36 |
| SHA1 | 75f81b41607905b231521243129aff3554a58db0 |
| SHA256 | 076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4 |
| SHA512 | adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293 |
memory/2532-24-0x0000000000400000-0x000000000058B000-memory.dmp
memory/2532-26-0x0000000000400000-0x000000000058B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CabADFC.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarAE9D.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ecdd112e9c21f8dbb7b08e50cd5bab6 |
| SHA1 | 9256867fe0fab827380ab618c8d825bf45782da5 |
| SHA256 | 166f6254e7a7f96298efb569ad0ec085d2d7d68b0a9618a88954e040a071face |
| SHA512 | 32b86de04b2a552fe368dadd0c7cb977ea25166943e4f8b98bbc53b20707847926e6b92a3b2ae1222ff4d1f703a795f6d4d199f75aaf9c44cc286ca1487909fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d73c374f8d13015416c4e0bd3a55524 |
| SHA1 | 1bea00b9ac39f35e074241cbabad4832afe5f167 |
| SHA256 | 78220f2bb69adfc1aa13a5ae53ff1318e54a10f079d11824ea4631ebeaa63047 |
| SHA512 | 47296c5fc52533e2eb14c51da32c63ae090e3db0430bf4d6be3741c0bb347b40f015bf9a0cb2087236a554f3cdfad5fcf858740f49dd6c97ce51e850dcc01559 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 399d88621a8d645af3ea35f54352110d |
| SHA1 | ead7b2aa93a59045747acd29400aa9cec0192acf |
| SHA256 | 4a6c77f817ff2efbc8c9f916b6e542aceb92e8115a19421c2cab762f11b20b6b |
| SHA512 | 72c6d8eb3e2542142621642c4ab140baf5b23f9c8ffc4c7db5e158f4ab51ca9087eddd8b60ada5472af30a33c5198457bbaffc76d1cbe50bdd5df20b0fcf56bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 317d50f581fa6dcbf82cf34e9c1c3d69 |
| SHA1 | f8e5e5e9d763cfb627f972743f28e764226c73fe |
| SHA256 | fd93e5f4fde0c0a7932b47cd1c587be0e11bc0f1c87cdea57d282b428fd85369 |
| SHA512 | 1247159170186446f65bdbb8dc825f54a81467b777716b077562b7328429df2a9863e5b2ce00b50c4969893b70b4965aefbbf1fb13f07cae1bf79b8d7c27e3c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f92b6d4aebaf84880bb1c438d0e8377d |
| SHA1 | 83ae7606b3d3e9dea012f073375e26beb1b1c601 |
| SHA256 | 6f87e89fb6962049cfe2c84eeb6e618e54652d8655a928e44cad591fef1bb109 |
| SHA512 | 632b704c9dec4ddd9beeecd8b5f87d9da413f215688f0b13a25657460eb4b189cd9a45c6b2701ea943102bef2a74b2ef2cf28c60bf0d6b41bc8e24e2124ce1d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d247bacae055b60b2c8577f65b99c81 |
| SHA1 | dd96c655a65feb7df1815f717004a90de2ed94a0 |
| SHA256 | a520d984e37da31d149b9f17aad90026fbb2826914776e95ca9ee562e9dfd819 |
| SHA512 | 924851f83e3afd9ba40e189478d2b2d216961a82be3714cfc698e2fc1508739ca7d6b941803136cf9d4b6d740de41d657ea77092497775028125537fb157a823 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f87e0956a5963a6ce8550891ca0e14c |
| SHA1 | e6bbf5e087bfd1f8386fbb0f66fcb09fe5e9885d |
| SHA256 | 42faa6f0340aa8764cb2715b950c34392861e6b6b1e9a11839804db93ef02c76 |
| SHA512 | 15703faefdb20668c127ab927d63a1fe3fed74b3af615ab10abc5a412d071797e6c7cbcc390cccccc9e985cc8be81d8c9b4832da5e4a67774c36578e666d51b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 337ffba9f14631598a3adba2008acdc8 |
| SHA1 | 28591b376b5823ed0a61817ca66f1593a1be93e3 |
| SHA256 | 4301e5e962a32bbc45f9b6b0ed3c4e662dddb34bc9ff79be54498039422dfd40 |
| SHA512 | 528676938ccb1c8c0d9a38a87b2b8224c52905cae98f0bb2c7c7a3d6927856d40f90967c04c834feb16efebab47da7b3f2d2b452391f402f08c46c6335097048 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d2319405f8ca75aa1c51ed606fa88d2d |
| SHA1 | e16643f905c209aa5fc9259e2faba3a99b5702bf |
| SHA256 | 8c1f7a1ebdcf2738ac4c7d1217ebc87e3bb3ea25f315340a9df0f451cb55b5cc |
| SHA512 | 057699a267d1940e42c9ac5478a42b0e96330ba005b0b745b2100dff2caf2ee6ffec2747e1704c1478f54b40fccf28489e3c5a6c5960f5fc2ea976a7e9ea9b21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af55adf663f6bbd0927bf87d9fcc36fb |
| SHA1 | a688a938d9a06b7d92b0df8392bc84fce4aa3d00 |
| SHA256 | 3e751fbabfbe908ffc460b065f06e9622b1f0f349729d07b9f6a553ba9b70cad |
| SHA512 | e50e2c4b99787d2957adbb94860a8441e7468b1dbfb75a1ad58d317f442ef0099299bb2450acbc5c11a61562564a62c28b7113ea6d6c0f6899ccc44c30a96c70 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d20ae66e55a16c535a8ae95db72ecba9 |
| SHA1 | b63b2844df1619e5ea658f00279770e28705930b |
| SHA256 | c9765cc9ebd791928d8c4c47b715db98606a1c187b124ee6784829bb06d1bf65 |
| SHA512 | 12f7d7c82bceede4d02f3728331f0fe9d7884d3e009a194b75c1aa64eec88d5f5f80dcd69b2af3e08c589be609b48fc0e74da23b7b5652d203dc672c24039b09 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f2286b2690436273f7477b41489787e0 |
| SHA1 | 669a961899aef46f25a16ef6347d8e9b1f468fb1 |
| SHA256 | 9582c3ef307b57eee236065a43c74694e353385b50cc82f393608894dc2ef0eb |
| SHA512 | f41d9f6ab331c65dc44906a4d32117cf9300b32989454e7b3495e77530c051a594713b9ebf0276341f00d42f5fa909bd9ac409bc20a051e5c3609dc83e9b3aff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7929c853c84f5da382834b56aff9a68a |
| SHA1 | 7b130a8ee43d2449d6002b37578a9880105e57a5 |
| SHA256 | b5702737ab6ef3bfeabe3021f974224bfd7f2945e5dc82e278a4b0376528f773 |
| SHA512 | f1dace72fdcaed8b0b1ba5f61b816a5ad1c7861d5edcd70665bdd9b9fe8f5fb4599905b13b2d33a8a85c30fb3002bc1edf79b559ea8ab25374196027418d6404 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f372e4662fa84ef4a9ea4ae0bd465eac |
| SHA1 | c4aa719313251aef1b4870d95855213d45d19ee9 |
| SHA256 | a0f18ba98f13d35de1fe2c22f2550d4256c0c9a7ef49e946b4c2a95388adc410 |
| SHA512 | b20e3e8dbc9b78b0d05653b3dbb26f1fdf5d66dd126be35b3de8b0bd8b50ce5bf00b623022571b7367a59575138dc521ab5e0c637541e99a11f0561107ae2a65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2006f309e8dd8ba96984b85c42f0284 |
| SHA1 | 287b38d839b0d6b3df329f16a679719078ff7f17 |
| SHA256 | e51d62b249b769abd391d8d527c74eb65eecff64c344791db8166e0c7ef43bce |
| SHA512 | 36e4c627aed7a7388ff0ad0412da40e2c716cbff545b418743407d2dc1151ddeedd5b82dca10a0bc5b3660c7d0d2823f12570d208dc488c54a1fd8d99bf839d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2f4c3619a8381f1221824e6a065491e |
| SHA1 | ede425511866d2560bc3ce3b1f55aedf8420a3e4 |
| SHA256 | 834e8f4f17d887617a2e2cd813766a80a4550ab8c332f29e363cda1544387de7 |
| SHA512 | 1bdc2c274dfc3b68ed4a743b55ab24841e528512c95a26593f9cbf77d975a41689df9321f3a52d3b135968062356fb4a0a6d203d423d7f02a4b01f2d09834e60 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-04 01:09
Reported
2024-11-04 03:21
Platform
win10v2004-20241007-en
Max time kernel
140s
Max time network
140s
Command Line
Signatures
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.fenomen-games.com | udp |
| US | 8.8.8.8:53 | www.gamecentersolution.com | udp |
| US | 184.72.55.36:80 | www.gamecentersolution.com | tcp |
| US | 159.65.253.100:80 | www.fenomen-games.com | tcp |
| US | 8.8.8.8:53 | 100.253.65.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
memory/2812-0-0x0000000000400000-0x000000000058B000-memory.dmp
memory/2812-15-0x0000000000400000-0x000000000058B000-memory.dmp
memory/2812-17-0x0000000000400000-0x000000000058B000-memory.dmp