Analysis Overview
SHA256
283a1543dfeb0029a0dc877278772e48b76fa36f3d914ecb4e1a55b9f3279945
Threat Level: Shows suspicious behavior
The file 8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118 was classified as showing suspicious behavior (no malware family was identified).
Malicious Activity Summary
ASPack v2.12-2.42
Checks whether UAC is enabled
Enumerates physical storage devices
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-04 01:52
Signatures
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
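Both static1 signatures come from the PE headers alone: ASPack leaves `.aspack` and `.adata` sections behind (the "v2.12-2.42" range itself is matched from the unpacking stub's bytes, so section names are only a cheap corroborating check), and "Unsigned PE" means the certificate table (data directory entry 4) is empty. The following is an added example, not part of the sandbox report: a stdlib-only parser that reads those two facts from a PE image. The images it inspects are constructed header-only stand-ins built by `build_pe`, not the sample's bytes. Note the caveat in the second check: a non-empty certificate table only means a signature blob is attached; whether it verifies requires an Authenticode chain check (for example `Get-AuthenticodeSignature` on Windows), which this code does not do.

```python
"""Minimal PE header parser for the two static checks in the report:
ASPack section names and presence of an Authenticode certificate table.
Pure stdlib; the sample images are constructed below, not real malware."""
import struct

ASPACK_SECTIONS = {".aspack", ".adata"}   # section names the ASPack stub adds
IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # data directory index of the certificate table


def parse_pe(data: bytes) -> dict:
    """Return section names and whether a certificate table is present."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == 0x10B:        # PE32: data directories start at offset 96
        dir_base = opt_off + 96
    elif magic == 0x20B:      # PE32+: data directories start at offset 112
        dir_base = opt_off + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    nrva = struct.unpack_from("<I", data, dir_base - 4)[0]   # NumberOfRvaAndSizes
    has_cert = False
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        off, size = struct.unpack_from("<II", data, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
        has_cert = off != 0 and size != 0
    sec_off = opt_off + opt_size
    names = []
    for i in range(nsections):
        raw = data[sec_off + 40 * i: sec_off + 40 * i + 8]   # IMAGE_SECTION_HEADER.Name
        names.append(raw.rstrip(b"\0").decode("latin-1"))
    return {"sections": names, "has_certificate_table": has_cert}


def static_signatures(data: bytes) -> dict:
    """Map header facts onto the report's two static1 signature names."""
    info = parse_pe(data)
    return {
        "aspack_sections": bool(ASPACK_SECTIONS & set(info["sections"])),
        "unsigned_pe": not info["has_certificate_table"],
    }


def build_pe(section_names, certificate_table=False) -> bytes:
    """Construct a header-only PE32 image for testing (no code, no real signature)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)          # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)                                        # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    if certificate_table:
        # Placeholder offset/size of a WIN_CERTIFICATE blob (assumed values).
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x800)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode("ascii"), 0x1000, 0x1000 * (i + 1),
                    0, 0, 0, 0, 0, 0, 0x60000020)
        for i, n in enumerate(section_names)
    )
    return dos + b"PE\0\0" + coff + bytes(opt) + sections


# Constructed stand-ins: an ASPack-style unsigned image and a plain image with a certificate table.
PACKED_UNSIGNED = build_pe([".text", ".data", ".aspack", ".adata"])
PLAIN_SIGNED = build_pe([".text", ".rdata", ".data"], certificate_table=True)

if __name__ == "__main__":
    for label, img in (("packed", PACKED_UNSIGNED), ("plain", PLAIN_SIGNED)):
        print(label, static_signatures(img))
```

Run against a real file with `static_signatures(open(path, "rb").read())`. When the packer check fires, the memory dumps listed under each detonation (the image range 0x400000-0x55B000) are where the unpacked code would be captured after the stub has run.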
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-04 01:52
Reported
2024-11-04 03:48
Platform
win7-20241010-en
Max time kernel
140s
Max time network
127s
Command Line
Signatures
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436853856" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b13190000000002000000000010660000000100002000000043d20cb9f6e6cf52e85719c4f5da245a8bf6fce5a2e70f76198e9a3d5bf75603000000000e8000000002000020000000364e1b19a5054d39c3997ee58268dac50bc2ab418d5a32fee03c6f658c007b4420000000940512d71c4b55ab85a68a807f698677496fac1beb3f7525b20eca553b89720640000000d8362ebb649eb5e715036d439d4ff92e47ce0dcbd59a00fc8164f20815c2b22de8ab34ff11ac59d5d02c279a2a00906fc10914d977745b933408d8f13a127fd3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5E8E1861-9A5F-11EF-BD8C-6252F262FB8A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b063af4c6c2edb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=570
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:432 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.gamecentersolution.com | udp |
| US | 184.72.55.36:80 | www.gamecentersolution.com | tcp |
| US | 8.8.8.8:53 | www.fenomen-games.com | udp |
| US | 159.65.253.100:80 | www.fenomen-games.com | tcp |
| US | 8.8.8.8:53 | www.gamecentersolution.com | udp |
| US | 8.8.8.8:53 | www.gamecentersolution.com | udp |
| US | 184.72.55.36:80 | www.gamecentersolution.com | tcp |
| US | 184.72.55.36:80 | www.gamecentersolution.com | tcp |
| US | 184.72.55.36:80 | www.gamecentersolution.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/3032-0-0x0000000000400000-0x000000000055B000-memory.dmp
memory/3032-24-0x0000000000400000-0x000000000055B000-memory.dmp
memory/3032-25-0x0000000000400000-0x000000000055B000-memory.dmp
memory/3032-26-0x0000000000400000-0x000000000055B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab8FC4.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar9083.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a30bd77244a55b1549304cb3cffebfe |
| SHA1 | 02f13dd64c4846e3e3c737ca3875b7cf616584eb |
| SHA256 | aeb9041f922966448f4521d65e2ae3ec825c0de0b00bc2147d63e48abed99af6 |
| SHA512 | 0731cfab815d2358d1265c5f498b93cd7d8ecda9fc1ed86bb9a69e66efd1d8c34459a81d6366b069eb080adaf712796362df0908a514dc2e86dcd5111c8a752c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68df469a4b391f9d3bd2208a6cc52173 |
| SHA1 | 5b67d3ba3647790d6b6456a550eba664ac542aad |
| SHA256 | 19171e0cfae1e0d216b5dd423e955043b8b73bad5578cbd9d9314278e645db38 |
| SHA512 | 27ba6310a6f8e9c06907173fd6d3e46d2fe709af2cd6218d59ef08e3c98550df6f8c4d0be462c8a2b0104b98c3b170b1e5b93a3ce4b14030e9e029781397830b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 060e42f68cac2f7d710aa1ce86f872c6 |
| SHA1 | 91d1a80460585866538ff99a12a10901a94c2fe4 |
| SHA256 | bdc7804fe570624090710fe392745fece12ce516193b291005d52e8c6ed8c3b2 |
| SHA512 | 68e9fa36bcec381e32304586b8611c4e8147ccab50334e94301fc41d15a0325917e3589db445403ac0fc281420491b9650d88daefcc2675a9c22159c1f8963d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd48bebc6ce244b6dd759787c8e2f19b |
| SHA1 | 144b3f1b97ead1e69f358f1575ee354129660eb8 |
| SHA256 | cc80fe19358f63220b9eea9431e71c115c4ff20d92ebe984804f4594e1a44448 |
| SHA512 | 45c2145ae2f927fcefb6a1d4584f5e1d6ae552b306cbb565e36613073f676e1428cdf3adcba2f71c07dbd8d5729ddf8f9de39e217c0ecf75acf6fb737c6baa10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b82ec662829639f30e2a181a2129614 |
| SHA1 | 098cba2153710433a29e31250fbe768fa33882fd |
| SHA256 | 65e25812a69fce33994391416a8e6253f11940b47ceb41af564072fa75c373e7 |
| SHA512 | 8f2d5532113e92095d583babda41b8d4da99c10454464bb75502712e5b7b4a7ffb7572aa5ce543697ce200ee85ff5b1cc23cb5d81b3ec8bfa44749adc6bdfc36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2832b2394a2dd701bbf7ab7aa687452 |
| SHA1 | 1730df8abed2da0dc8e8b3353342ce6f2886091c |
| SHA256 | 017b9c2ade5dc44c46c3437a9769ae647ce6bc77dfa84660f841274a0db90404 |
| SHA512 | e247d5faaad5d76b1fd96402fae75ba6cafe28c08e7019a6f481153ada8f9272f3e8bdf791b86a445b795cbc404aa86ff3c626688fd2550135ed180c10985159 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 312877f6f1939a26403d2e6e27b89929 |
| SHA1 | cc3d07d4406565f23dcc650e2a6e3f0cf97f90e6 |
| SHA256 | e2aaa8f6027910667f6e9b028291bab4ecc737c031139d6256266d31aeaf6e13 |
| SHA512 | 3f4bffbdf5e136b379e4059d94af8921f83f1fe350875eda46f16ad72dd01d0958bad183733ffae9f6e245504aa4e578f5d62880d777370065c5002732e7739d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c1f718c8a4de9ac271d2f913b8269a6 |
| SHA1 | 85afc2b7a355fa4057142d3a737cc03d8194a57f |
| SHA256 | f13110fbe88e41e8ce6b150308c858b1b20093abcd34e4e2afdcd50031db5cda |
| SHA512 | c88b35b791f4009f0c13a2fd0b7c6564842772b8f671ad84eff961905f672895fb525dd8f29a56ffa6ce729c6dc309befe5df93fb5788ce5b36597cc120fab8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dbb4ca2ad04e91b0559a1f16c8ec08be |
| SHA1 | c7cab348a14f3833f4b916a53c4a26e72ba23dc3 |
| SHA256 | b0f2f592e87ff2bc99df4f96eb744a472778bd59c7cf436b590c506edbd31653 |
| SHA512 | 7f10527d0a348e7668f58499400f67b1eba0143957ac6e1122ba94f103474f4d5c442f28aad59ee467cf0aaab5e774371547c7367243a81e8457dbf8edaecd97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be20d7a7f3ccbbf6c7653ade8daf66dd |
| SHA1 | 01d0a5d540a04baf5b84d7d55c2566737b4f4e3f |
| SHA256 | 2989df4118675fbbf50a28de3a1c6704e71c16c5e6e5151da384b3f788d8a85e |
| SHA512 | 103ed7115a9bfd91414634d5d9b694598c033faa5880b71482a2897d7286865d4ea0653c1efd4191a5f80ef0e4c1f349034732775f320022dcf91c936f62582a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6dc935d84f199ba4fd6efe6b8b008cf |
| SHA1 | c86b6bce02f4e28449190237840e0d187a60b4ce |
| SHA256 | f55fca24632476f33af47e416f29f527ee3ec6a598cc1e49b2dca809751f4d89 |
| SHA512 | 49b25eb5290d81ab5aaa76a2c0f3273f96fd52cea48d0a5a530dde1f8450b250a38506affd3245b8d1c5b003938c8dc7a9c954a3ae225bd6293aa29a27e0b17c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3aa9be44edb7a17d53586a11dbb97512 |
| SHA1 | 3400e9b93aa66819cc1c6ea672d6b6b968721e53 |
| SHA256 | 2d4258ab6896d76098803ffb7b2fb424ee9cb5a98ee1f975413dd416e14f847b |
| SHA512 | 7a3114c4fd42d469fecda55a6b8511ee0f5922bde2edaeaa844796ffdebaa0f1b9ad03f4357c7a56804f304b65257f1cd718a3ffce2a3e4aacb7d43cdb7043d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a3f87bf47a3e62cb2fb79c1c9cff7dc |
| SHA1 | 50afa1e27252cfb75fdfa37f4c5f81dc48c5bc13 |
| SHA256 | a4b1214004e322f3270dc7628d0ba4c5024bcc6f4684fa0400162521c61a3b1e |
| SHA512 | 5c447d0dc03ba20061c0827e5a94de1d512c6b009f7740df7bf065674da87d8610257e090d0bb50353750875a46fc03693731627742a7da5b27bb76661735e65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f3e4bb8996a52a5382930a4995d93e7 |
| SHA1 | 330caacdf5e9c48478c208ae2e93fe82ae0052e7 |
| SHA256 | 59a67946c41b220347c4859becda1bc691a43a192419d9cda3f1745581f7d01d |
| SHA512 | cb5cdce03bae82d2b746d381ea373e5b13e6f0f2a25a44e9dddeca99839e8a9afc53fa9481bfd6a743da618397b20172ed5df4c8719cd499f3e09a5acd871d0b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c1b44a7222ddbeefbd67815ffce1b41 |
| SHA1 | faf1eec60efbdc8ac69c6b88305feecabfa24239 |
| SHA256 | d98412371361743fb89abf76cbd2881ee93543ac581c9adb6650fbe508fe108d |
| SHA512 | e4a0ad8a9aed37c2b1c25a3ae01fdcc48f309478879e0467f3069cce10319e678eb11995afe65d0087dbcd40bcb36ab4aa28453f230aeb2322cf17de09b8e98d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 038529f710526a0a31729ecf5dc1475f |
| SHA1 | 6548a404e09aa92b1fe32a466cb050edf82b48ff |
| SHA256 | f4e0b2784491565523a26ded02e2ca316fc6cc26542e06ee1c714209e06ba813 |
| SHA512 | e2b1d298115a3f2da0ecbd6bf711fcc4646dc0b37ac2e243ff0b8b81530c800361e1a1520599e9e5c2d62cd3a96759ceb37edadbf99d27af67ad054dcff940d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cdfb7242f774e6c991556c0fd44f9a82 |
| SHA1 | 61b86b748151b4993f8739bfddbdf869fd6813f1 |
| SHA256 | 690f2ff3255fc7583e47aba1388c106a73934d0adbd8b45fffbf51d4f458e99c |
| SHA512 | 73e17f1bc6924668fb6fd5798accef4e6364da5848ff194a3fcadfb250292d955a84aa17aaa0d255421173a9630036e4a707940f9a4e533413501dcd5b0a90ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01f10bd3b913db7b9b2d43cc4acd7733 |
| SHA1 | de3631fdb242e4a2017c712ea191bfb9428b3a14 |
| SHA256 | f0f00775a53b02eead10fd3a57329ec4805c48352b8553a463eaa4815dcb0997 |
| SHA512 | 6eb80770e940af8f01a590c0579da6c4897a49ff50db2362e0ef40c0251dcfcd57e99a6f774e2e666af4d7f7835916d13d54e65e066a4b35c5e29f9dbbdf5dd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f3ef6bc37b45bbd9206d4231e21c11b |
| SHA1 | 8a0108586ae4e630593cccfd260b44942a3d021a |
| SHA256 | 927663430de9e2cd97bc778c5040fda30cda514819acbc06cf0d66d2c1d41ca4 |
| SHA512 | 60e943cfcc4b253706dfd4ce51a6771707f7f9b79a84e481f9168010ac0b40b75f741cb684b0109b5e58de4903578c4b071aa0546f68139f14d15ff8f68a5c87 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-04 01:52
Reported
2024-11-04 03:56
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe | N/A |
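Reading the signature tables of both detonations above, almost every "Modifies Internet Explorer settings" row is written by iexplore.exe itself (Recovery, TabbedBrowsing, DomainSuggestion and similar first-run keys) after the sample launched it with a URL; the sample's own registry activity is the EnableLUA query, the NLS\Language open and a single `Internet Explorer\Main` key creation. Attribution by process is therefore the first thing to do with these rows. The following is an added example, not part of the report: it parses rows in the table format used here, normalises the `\REGISTRY\...` object paths, and counts technique hits per process. The ATT&CK technique IDs in `TECHNIQUES` are the editor's mapping, not something the report states, and the rows in `ROWS` are a constructed subset copied from the tables above.

```python
"""Attribute the report's registry rows to the process that performed them,
so the sample's own activity is separated from iexplore.exe housekeeping."""
import re
from collections import defaultdict

SAMPLE = "8e90af6cc31cafd37c5848fa12c61c61_jaffacakes118.exe"

# Constructed input: rows copied from the behavioral1/behavioral2 tables above.
ROWS = r"""
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
"""

# Editor's mapping of key patterns to ATT&CK techniques (assumption, not from the report).
TECHNIQUES = [
    (re.compile(r"\\Policies\\System\\EnableLUA$", re.I), "T1548.002"),          # UAC state check
    (re.compile(r"\\Control\\NLS\\Language$", re.I), "T1614.001"),              # system language discovery
    (re.compile(r"\\Software\\Microsoft\\Internet Explorer\\", re.I), "T1112"), # IE settings / Modify Registry
]

SID_RE = re.compile(r"^\\REGISTRY\\USER\\(S-1-5-21(?:-\d+)+)(?=\\|$)", re.I)


def normalise_key(path: str) -> str:
    """Convert the kernel object path used by the sandbox into a regedit-style path."""
    path = path.split(" = ", 1)[0]                     # drop any '= value' suffix
    if path.upper().startswith("\\REGISTRY\\MACHINE\\"):
        return "HKLM\\" + path[len("\\REGISTRY\\MACHINE\\"):]
    m = SID_RE.match(path)
    if m:
        return "HKU\\" + m.group(1) + path[m.end():]
    return path


def parse_rows(text: str):
    """Yield (operation, key, process basename) per table row; skip headers and N/A rows."""
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] in ("Description", "N/A"):
            continue
        op, indicator, process, _target = cells
        yield op, normalise_key(indicator), process.rsplit("\\", 1)[-1].lower()


def technique_for(key: str):
    """First matching technique ID for a normalised key, or None."""
    for pattern, tid in TECHNIQUES:
        if pattern.search(key):
            return tid
    return None


def triage(text: str) -> dict:
    """Count technique hits per process, e.g. {'iexplore.exe': {'T1112': 2}}."""
    summary = defaultdict(lambda: defaultdict(int))
    for _op, key, proc in parse_rows(text):
        tid = technique_for(key)
        if tid:
            summary[proc][tid] += 1
    return {p: dict(t) for p, t in summary.items()}


def sample_only(text: str) -> dict:
    """Technique counts attributable to the submitted sample itself."""
    return triage(text).get(SAMPLE, {})


if __name__ == "__main__":
    for proc, hits in triage(ROWS).items():
        print(proc, hits)
```

The 32-bit and 64-bit IEXPLORE.EXE entries are folded together by lower-casing the basename; keep them apart if the distinction matters for the case. Rows with no mapped technique are dropped rather than counted as noise.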
Processes
C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.fenomen-games.com | udp |
| US | 8.8.8.8:53 | www.gamecentersolution.com | udp |
| US | 159.65.253.100:80 | www.fenomen-games.com | tcp |
| US | 184.72.55.36:80 | www.gamecentersolution.com | tcp |
| US | 8.8.8.8:53 | 100.253.65.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files
memory/4040-0-0x0000000000400000-0x000000000055B000-memory.dmp
memory/4040-15-0x0000000000400000-0x000000000055B000-memory.dmp
memory/4040-17-0x0000000000400000-0x000000000055B000-memory.dmp