Malware Analysis Report

2025-06-16 06:57

Sample ID 241104-bh1b4szbpa
Target 8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118
SHA256 c54d6d49c22db7490618e514f34da49943d19022c5d3b6ad61d72d65c776375d
Tags

upx discovery evasion trojan

Score

6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

6/10

SHA256

c54d6d49c22db7490618e514f34da49943d19022c5d3b6ad61d72d65c776375d

Threat Level: Shows suspicious behavior

The file 8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

upx discovery evasion trojan

Checks whether UAC is enabled

UPX packed file

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-04 01:09

Signatures

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-04 01:09

Reported

2024-11-04 03:21

Platform

win7-20240903-en

Max time kernel

140s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe"

Signatures

Checks whether UAC is enabled

evasion trojan
Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f0000000002000000000010660000000100002000000083d7828ffc3946de53d0e524fffcd511a292a077453e888a865ff54960a66248000000000e8000000002000020000000ec5d63bf5d50f24a71fdadce11f81ddeb1bde6b5a84f4c028fb83977605d7a289000000070be878259abe951d6e1cb671624841d44863489689d3b5a4d907edc38e8c3b1be3a34e98fc2a9265fb7e388f08507743ea07bd8cdab8aa6f27e79fcf19deb1c391ed4745b6d2bd48904c444d489fea9cafb9e70f73e5127adbb469d4efa3a188cb4239e375017af7384efced435e71e3b4464fefa520cdae4862c12b0430f499980a415abfb33c8670efd93a95509a040000000c0e70d082d8e08a4561b46d33a195e8e20fce3ed2f1fcd70a32f4c0b70dfe925223cfa62dca645e25be9254023fe5f26dd3df579e6d5aeabe4c229395847df1e | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50458b8e682edb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A0DE85F1-9A5B-11EF-BA28-E699F793024F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436852248" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f0000000002000000000010660000000100002000000058ef13dc3c4d0032f81b680e28548f16e49163799648fc6966d98489f642e79c000000000e8000000002000020000000741d684e20d31790f276a725ecd37f0b9d708c80cf7085939849334ba1ab8f0620000000b7844185e2c7739c6e12afe99dc9721b7818b194edc440704a17ceeccf53626f400000001f15a64473a1651a96ae707699f2a1e26ce077ddfabd3eff9c04737554c93c8c2ca85f5af4ddbc202964dc75dad6a6fc9887703af53a841c80c7aebc08e82014 | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=527

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2636 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.gamecentersolution.com udp
US 184.72.55.36:80 www.gamecentersolution.com tcp
US 8.8.8.8:53 www.fenomen-games.com udp
US 159.65.253.100:80 www.fenomen-games.com tcp
US 8.8.8.8:53 www.gamecentersolution.com udp
US 8.8.8.8:53 www.gamecentersolution.com udp
US 184.72.55.36:80 www.gamecentersolution.com tcp
US 184.72.55.36:80 www.gamecentersolution.com tcp
US 184.72.55.36:80 www.gamecentersolution.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

memory/2532-1-0x0000000000400000-0x000000000058B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\FG.url

MD5 0fcf82b5a915470e8a79d3516f582a36
SHA1 75f81b41607905b231521243129aff3554a58db0
SHA256 076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4
SHA512 adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

memory/2532-24-0x0000000000400000-0x000000000058B000-memory.dmp

memory/2532-26-0x0000000000400000-0x000000000058B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CabADFC.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarAE9D.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9ecdd112e9c21f8dbb7b08e50cd5bab6
SHA1 9256867fe0fab827380ab618c8d825bf45782da5
SHA256 166f6254e7a7f96298efb569ad0ec085d2d7d68b0a9618a88954e040a071face
SHA512 32b86de04b2a552fe368dadd0c7cb977ea25166943e4f8b98bbc53b20707847926e6b92a3b2ae1222ff4d1f703a795f6d4d199f75aaf9c44cc286ca1487909fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d73c374f8d13015416c4e0bd3a55524
SHA1 1bea00b9ac39f35e074241cbabad4832afe5f167
SHA256 78220f2bb69adfc1aa13a5ae53ff1318e54a10f079d11824ea4631ebeaa63047
SHA512 47296c5fc52533e2eb14c51da32c63ae090e3db0430bf4d6be3741c0bb347b40f015bf9a0cb2087236a554f3cdfad5fcf858740f49dd6c97ce51e850dcc01559

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 399d88621a8d645af3ea35f54352110d
SHA1 ead7b2aa93a59045747acd29400aa9cec0192acf
SHA256 4a6c77f817ff2efbc8c9f916b6e542aceb92e8115a19421c2cab762f11b20b6b
SHA512 72c6d8eb3e2542142621642c4ab140baf5b23f9c8ffc4c7db5e158f4ab51ca9087eddd8b60ada5472af30a33c5198457bbaffc76d1cbe50bdd5df20b0fcf56bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 317d50f581fa6dcbf82cf34e9c1c3d69
SHA1 f8e5e5e9d763cfb627f972743f28e764226c73fe
SHA256 fd93e5f4fde0c0a7932b47cd1c587be0e11bc0f1c87cdea57d282b428fd85369
SHA512 1247159170186446f65bdbb8dc825f54a81467b777716b077562b7328429df2a9863e5b2ce00b50c4969893b70b4965aefbbf1fb13f07cae1bf79b8d7c27e3c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f92b6d4aebaf84880bb1c438d0e8377d
SHA1 83ae7606b3d3e9dea012f073375e26beb1b1c601
SHA256 6f87e89fb6962049cfe2c84eeb6e618e54652d8655a928e44cad591fef1bb109
SHA512 632b704c9dec4ddd9beeecd8b5f87d9da413f215688f0b13a25657460eb4b189cd9a45c6b2701ea943102bef2a74b2ef2cf28c60bf0d6b41bc8e24e2124ce1d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d247bacae055b60b2c8577f65b99c81
SHA1 dd96c655a65feb7df1815f717004a90de2ed94a0
SHA256 a520d984e37da31d149b9f17aad90026fbb2826914776e95ca9ee562e9dfd819
SHA512 924851f83e3afd9ba40e189478d2b2d216961a82be3714cfc698e2fc1508739ca7d6b941803136cf9d4b6d740de41d657ea77092497775028125537fb157a823

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f87e0956a5963a6ce8550891ca0e14c
SHA1 e6bbf5e087bfd1f8386fbb0f66fcb09fe5e9885d
SHA256 42faa6f0340aa8764cb2715b950c34392861e6b6b1e9a11839804db93ef02c76
SHA512 15703faefdb20668c127ab927d63a1fe3fed74b3af615ab10abc5a412d071797e6c7cbcc390cccccc9e985cc8be81d8c9b4832da5e4a67774c36578e666d51b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 337ffba9f14631598a3adba2008acdc8
SHA1 28591b376b5823ed0a61817ca66f1593a1be93e3
SHA256 4301e5e962a32bbc45f9b6b0ed3c4e662dddb34bc9ff79be54498039422dfd40
SHA512 528676938ccb1c8c0d9a38a87b2b8224c52905cae98f0bb2c7c7a3d6927856d40f90967c04c834feb16efebab47da7b3f2d2b452391f402f08c46c6335097048

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d2319405f8ca75aa1c51ed606fa88d2d
SHA1 e16643f905c209aa5fc9259e2faba3a99b5702bf
SHA256 8c1f7a1ebdcf2738ac4c7d1217ebc87e3bb3ea25f315340a9df0f451cb55b5cc
SHA512 057699a267d1940e42c9ac5478a42b0e96330ba005b0b745b2100dff2caf2ee6ffec2747e1704c1478f54b40fccf28489e3c5a6c5960f5fc2ea976a7e9ea9b21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af55adf663f6bbd0927bf87d9fcc36fb
SHA1 a688a938d9a06b7d92b0df8392bc84fce4aa3d00
SHA256 3e751fbabfbe908ffc460b065f06e9622b1f0f349729d07b9f6a553ba9b70cad
SHA512 e50e2c4b99787d2957adbb94860a8441e7468b1dbfb75a1ad58d317f442ef0099299bb2450acbc5c11a61562564a62c28b7113ea6d6c0f6899ccc44c30a96c70

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d20ae66e55a16c535a8ae95db72ecba9
SHA1 b63b2844df1619e5ea658f00279770e28705930b
SHA256 c9765cc9ebd791928d8c4c47b715db98606a1c187b124ee6784829bb06d1bf65
SHA512 12f7d7c82bceede4d02f3728331f0fe9d7884d3e009a194b75c1aa64eec88d5f5f80dcd69b2af3e08c589be609b48fc0e74da23b7b5652d203dc672c24039b09

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f2286b2690436273f7477b41489787e0
SHA1 669a961899aef46f25a16ef6347d8e9b1f468fb1
SHA256 9582c3ef307b57eee236065a43c74694e353385b50cc82f393608894dc2ef0eb
SHA512 f41d9f6ab331c65dc44906a4d32117cf9300b32989454e7b3495e77530c051a594713b9ebf0276341f00d42f5fa909bd9ac409bc20a051e5c3609dc83e9b3aff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7929c853c84f5da382834b56aff9a68a
SHA1 7b130a8ee43d2449d6002b37578a9880105e57a5
SHA256 b5702737ab6ef3bfeabe3021f974224bfd7f2945e5dc82e278a4b0376528f773
SHA512 f1dace72fdcaed8b0b1ba5f61b816a5ad1c7861d5edcd70665bdd9b9fe8f5fb4599905b13b2d33a8a85c30fb3002bc1edf79b559ea8ab25374196027418d6404

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f372e4662fa84ef4a9ea4ae0bd465eac
SHA1 c4aa719313251aef1b4870d95855213d45d19ee9
SHA256 a0f18ba98f13d35de1fe2c22f2550d4256c0c9a7ef49e946b4c2a95388adc410
SHA512 b20e3e8dbc9b78b0d05653b3dbb26f1fdf5d66dd126be35b3de8b0bd8b50ce5bf00b623022571b7367a59575138dc521ab5e0c637541e99a11f0561107ae2a65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2006f309e8dd8ba96984b85c42f0284
SHA1 287b38d839b0d6b3df329f16a679719078ff7f17
SHA256 e51d62b249b769abd391d8d527c74eb65eecff64c344791db8166e0c7ef43bce
SHA512 36e4c627aed7a7388ff0ad0412da40e2c716cbff545b418743407d2dc1151ddeedd5b82dca10a0bc5b3660c7d0d2823f12570d208dc488c54a1fd8d99bf839d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2f4c3619a8381f1221824e6a065491e
SHA1 ede425511866d2560bc3ce3b1f55aedf8420a3e4
SHA256 834e8f4f17d887617a2e2cd813766a80a4550ab8c332f29e363cda1544387de7
SHA512 1bdc2c274dfc3b68ed4a743b55ab24841e528512c95a26593f9cbf77d975a41689df9321f3a52d3b135968062356fb4a0a6d203d423d7f02a4b01f2d09834e60

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-04 01:09

Reported

2024-11-04 03:21

Platform

win10v2004-20241007-en

Max time kernel

140s

Max time network

140s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe"

Signatures

Checks whether UAC is enabled

evasion trojan
Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\8e67ea32e5e1f2537a1989e90484ec66_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 www.fenomen-games.com udp
US 8.8.8.8:53 www.gamecentersolution.com udp
US 184.72.55.36:80 www.gamecentersolution.com tcp
US 159.65.253.100:80 www.fenomen-games.com tcp
US 8.8.8.8:53 100.253.65.159.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

memory/2812-0-0x0000000000400000-0x000000000058B000-memory.dmp

memory/2812-15-0x0000000000400000-0x000000000058B000-memory.dmp

memory/2812-17-0x0000000000400000-0x000000000058B000-memory.dmp