Malware Analysis Report

2025-06-16 06:59

Sample ID 241104-caxfxssrem
Target 8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118
SHA256 283a1543dfeb0029a0dc877278772e48b76fa36f3d914ecb4e1a55b9f3279945
Tags
aspackv2 discovery evasion trojan
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

283a1543dfeb0029a0dc877278772e48b76fa36f3d914ecb4e1a55b9f3279945

Threat Level: Shows suspicious behavior

The file 8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118 was classified as showing suspicious behavior (score 7/10): an unsigned, ASPack-packed executable that checks whether UAC is enabled, reads the system language key, and launches Internet Explorer on a www.gamecentersolution.com download URL. Note that the summary below also lists "Suspicious use of SetWindowsHookEx" and "Suspicious use of WriteProcessMemory", but neither has a corresponding row in the per-run signature tables, so this report does not attribute them to any process.

Malicious Activity Summary

aspackv2 discovery evasion trojan

ASPack v2.12-2.42

Checks whether UAC is enabled

Enumerates physical storage devices

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-04 01:52

Signatures

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
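What the two static signatures above actually test can be reproduced with standard-library Python. The following is an added example, not code from the report or the sandbox that produced it: it parses a PE's COFF/optional headers and section table, flags the .aspack and .adata section names ASPack leaves behind, checks whether the entry point lies inside one of them, and reports the file as unsigned when the Security data directory (the embedded Authenticode certificate table) is empty. The sample's bytes are not on this page, so the code builds two constructed, header-only PE32 images to run against. A sandbox's "ASPack v2.12-2.42" version match comes from a byte signature over the unpacking stub at the entry point, which is not reproduced here; section names are the cheaper heuristic.

```python
"""Static triage of a PE: ASPack-style section names, entry-point location
and embedded Authenticode. Standard library only. Added example; the two PE
images it runs against are constructed here and are not the report's sample."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4              # certificate table directory
ASPACK_SECTION_NAMES = {b".aspack", b".adata"}  # sections ASPack appends


def parse_pe(data: bytes) -> dict:
    """Read the header fields triage needs from a PE32 or PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    if magic == 0x10B:                    # PE32
        n_dirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                  # PE32+
        n_dirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    n_dirs = struct.unpack_from("<I", data, n_dirs_off)[0]
    dirs = [struct.unpack_from("<II", data, dirs_off + 8 * i) for i in range(n_dirs)]
    sections = []
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i     # section table follows the optional header
        name = struct.unpack_from("<8s", data, hdr)[0].rstrip(b"\0")
        vsize, va = struct.unpack_from("<II", data, hdr + 8)
        sections.append({"name": name, "va": va, "vsize": vsize})
    return {"magic": magic, "entry_rva": entry_rva, "dirs": dirs, "sections": sections}


def triage(data: bytes) -> dict:
    """Apply the packer and signature heuristics to a PE image."""
    pe = parse_pe(data)
    names = {s["name"] for s in pe["sections"]}
    entry_section = next((s["name"] for s in pe["sections"]
                          if s["va"] <= pe["entry_rva"] < s["va"] + s["vsize"]), None)
    dirs = pe["dirs"]
    cert_size = dirs[IMAGE_DIRECTORY_ENTRY_SECURITY][1] if len(dirs) > IMAGE_DIRECTORY_ENTRY_SECURITY else 0
    return {
        "aspack_sections": sorted(n.decode() for n in names & ASPACK_SECTION_NAMES),
        "entry_in_packer_section": entry_section in ASPACK_SECTION_NAMES,
        "unsigned": cert_size == 0,       # no embedded Authenticode blob
    }


def build_test_pe(section_names, entry_rva, signed):
    """Constructed header-only PE32 image for demonstration (not a real binary)."""
    opt = bytearray(224)                                  # PE32 optional header, 16 dirs
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<I", opt, 92, 16)
    if signed:                                            # point the cert table somewhere
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x5000, 0x1800)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    secs = b"".join(
        struct.pack("<8sIIIIIIHHI", name, 0x1000, 0x1000 * (i + 1),
                    0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names))
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


PACKED = build_test_pe([b".text", b".data", b".aspack", b".adata"], 0x3000, signed=False)
CLEAN = build_test_pe([b".text", b".rdata", b".data"], 0x1000, signed=True)

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("clean", CLEAN)):
        print(label, triage(image))
```

"Unsigned" here means no embedded certificate table; a binary can still be catalog-signed (most Windows system files are), so treat the result as "no Authenticode blob in the file" rather than "not signed at all".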

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-04 01:52

Reported

2024-11-04 03:48

Platform

win7-20241010-en

Max time kernel

140s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe"

Signatures

Checks whether UAC is enabled

evasion trojan
Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe | N/A

Reading EnableLUA only tells the program whether UAC is switched on. It is a discovery step commonly taken before deciding whether to request elevation; it is not a bypass, and this run records no elevation attempt.

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Only the first row is evidence about the sample; the second is the 32-bit IEXPLORE.EXE content process opening the same key, which shows how weak this indicator is on its own. A language check is how regionally restricted malware decides whether to run, but nothing in this report shows such a decision being taken.

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436853856" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b13190000000002000000000010660000000100002000000043d20cb9f6e6cf52e85719c4f5da245a8bf6fce5a2e70f76198e9a3d5bf75603000000000e8000000002000020000000364e1b19a5054d39c3997ee58268dac50bc2ab418d5a32fee03c6f658c007b4420000000940512d71c4b55ab85a68a807f698677496fac1beb3f7525b20eca553b89720640000000d8362ebb649eb5e715036d439d4ff92e47ce0dcbd59a00fc8164f20815c2b22de8ab34ff11ac59d5d02c279a2a00906fc10914d977745b933408d8f13a127fd3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5E8E1861-9A5F-11EF-BD8C-6252F262FB8A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b063af4c6c2edb01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A

All rows but one are written by Internet Explorer itself on its first launch in a fresh profile (recovery, new-tab page, window placement, toolbar and zoom housekeeping; the DecayDateQueue value begins with the DPAPI blob header 01000000d08c9ddf0115d1118c7a00c04fc297eb, i.e. it is data IE encrypted for its own use). The only row attributed to the sample is the creation of ...\Software\Microsoft\Internet Explorer\Main by 8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe. The "adware spyware" tagging rests on that one row plus the launch URL in the process list; on its own this signature says little.

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

This call is attributed to iexplore.exe, not to the sample.
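In the signature tables above the attribution of each registry event to a process matters more than the signature name. The following is an added example, not the sandbox's own code: it parses rows in the report's "Description Indicator Process Target" layout, classifies them with three registry-path rules that reproduce the signatures shown here, and counts hits per process image. Run over a subset of the behavioral1 rows copied from this page, it shows the UAC check and one of the language reads belonging to the sample while nearly every Internet Explorer settings row belongs to iexplore.exe. The path patterns and the T1614.001 id (the ATT&CK technique the report names as System Language Discovery) are my own mapping; only the rows are from the report.

```python
"""Attribute sandbox registry signatures to the process that produced them.
Rows are copied from the report's behavioral1 signature tables; the parser
and the classification rules are an added example, not the sandbox's code."""
import re
from collections import defaultdict
from ntpath import basename

# Description | Indicator [= value] | Process | Target, space separated as in the report.
ROW_RE = re.compile(
    r"^(?P<action>Key value queried|Key opened|Key created|Set value \((?:int|str|data)\)) "
    r"(?P<key>\\REGISTRY\\.*?)(?: = (?P<value>.*?))? "
    r"(?P<process>[A-Z]:\\.*?) (?P<target>\S+)$")

# Signature name -> registry path pattern (my own mapping of the report's signatures).
SIGNATURES = (
    ("Checks whether UAC is enabled", re.compile(r"\\Policies\\System\\EnableLUA$", re.I)),
    ("System Language Discovery (T1614.001)", re.compile(r"\\Control\\NLS\\Language$", re.I)),
    ("Modifies Internet Explorer settings", re.compile(r"\\Software\\Microsoft\\Internet Explorer\\", re.I)),
)

SID = "S-1-5-21-3692679935-4019334568-335155002-1000"
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe"
IE64 = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"

# A representative subset of the behavioral1 rows, constructed from the report text.
ROWS = "\n".join([
    rf"Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA {SAMPLE} N/A",
    rf"Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language {SAMPLE} N/A",
    rf"Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language {IE32} N/A",
    rf"Key created \REGISTRY\USER\{SID}\Software\Microsoft\Internet Explorer\Recovery\AdminActive {IE64} N/A",
    rf'Set value (int) \REGISTRY\USER\{SID}\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436853856" {IE64} N/A',
    rf'Set value (str) \REGISTRY\USER\{SID}\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" {IE64} N/A',
    rf"Key created \REGISTRY\USER\{SID}\Software\Microsoft\Internet Explorer\Main {IE32} N/A",
    rf"Key created \REGISTRY\USER\{SID}\Software\Microsoft\Internet Explorer\Main {SAMPLE} N/A",
])


def parse_rows(text):
    """Split each report row into action, key, optional value, process and target."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        rows.append(m.groupdict())
    return rows


def classify(key):
    """Return the first signature whose path pattern matches the indicator key."""
    for name, pattern in SIGNATURES:
        if pattern.search(key):
            return name
    return None


def attribute(text):
    """Count matching rows per signature and per process image name.
    iexplore.exe (64-bit frame) and IEXPLORE.EXE (32-bit content) are kept apart,
    as the report lists them."""
    counts = defaultdict(lambda: defaultdict(int))
    for row in parse_rows(text):
        sig = classify(row["key"])
        if sig:
            counts[sig][basename(row["process"])] += 1
    return {sig: dict(procs) for sig, procs in counts.items()}


def ie_rows_by_sample(text, sample_path=SAMPLE):
    """Internet Explorer settings keys touched by the sample itself, not by IE."""
    return [r["key"] for r in parse_rows(text)
            if classify(r["key"]) == "Modifies Internet Explorer settings"
            and r["process"] == sample_path]


if __name__ == "__main__":
    for sig, procs in attribute(ROWS).items():
        print(sig, procs)
    print("IE keys touched by the sample:", ie_rows_by_sample(ROWS))
```

Feeding the full table into ROWS gives the real ratio; with the subset here it is already visible that the "Modifies Internet Explorer settings" count is dominated by the browser's own processes.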

Processes

C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=570

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:432 CREDAT:275457 /prefetch:2

The process tree is the sample launching the 64-bit Internet Explorer frame process with the www.gamecentersolution.com URL on its command line, which in turn spawns the 32-bit content process (SCODEF:432 carries the frame process id). The URL and its CID/AID query parameters are the most specific network indicators this run produced.

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.gamecentersolution.com udp
US 184.72.55.36:80 www.gamecentersolution.com tcp
US 8.8.8.8:53 www.fenomen-games.com udp
US 159.65.253.100:80 www.fenomen-games.com tcp
US 8.8.8.8:53 www.gamecentersolution.com udp
US 8.8.8.8:53 www.gamecentersolution.com udp
US 184.72.55.36:80 www.gamecentersolution.com tcp
US 184.72.55.36:80 www.gamecentersolution.com tcp
US 184.72.55.36:80 www.gamecentersolution.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

The memory dumps below cover 0x400000-0x55B000 in process 3032; 0x400000 is the default image base of a 32-bit executable, so these are most likely snapshots of the sample's own image at successive points in the run and are where to look for the unpacked code. The Cab*.tmp and Tar*.tmp files and the CryptnetUrlCache metadata entries are written by Windows CryptoAPI during certificate-chain validation (root-store update and CRL/OCSP caching) triggered by Internet Explorer's HTTPS connections; they are not payload drops, and the same MetaData path listed repeatedly with different hashes is the cache file being rewritten during the run.

memory/3032-0-0x0000000000400000-0x000000000055B000-memory.dmp

memory/3032-24-0x0000000000400000-0x000000000055B000-memory.dmp

memory/3032-25-0x0000000000400000-0x000000000055B000-memory.dmp

memory/3032-26-0x0000000000400000-0x000000000055B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab8FC4.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar9083.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a30bd77244a55b1549304cb3cffebfe
SHA1 02f13dd64c4846e3e3c737ca3875b7cf616584eb
SHA256 aeb9041f922966448f4521d65e2ae3ec825c0de0b00bc2147d63e48abed99af6
SHA512 0731cfab815d2358d1265c5f498b93cd7d8ecda9fc1ed86bb9a69e66efd1d8c34459a81d6366b069eb080adaf712796362df0908a514dc2e86dcd5111c8a752c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68df469a4b391f9d3bd2208a6cc52173
SHA1 5b67d3ba3647790d6b6456a550eba664ac542aad
SHA256 19171e0cfae1e0d216b5dd423e955043b8b73bad5578cbd9d9314278e645db38
SHA512 27ba6310a6f8e9c06907173fd6d3e46d2fe709af2cd6218d59ef08e3c98550df6f8c4d0be462c8a2b0104b98c3b170b1e5b93a3ce4b14030e9e029781397830b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 060e42f68cac2f7d710aa1ce86f872c6
SHA1 91d1a80460585866538ff99a12a10901a94c2fe4
SHA256 bdc7804fe570624090710fe392745fece12ce516193b291005d52e8c6ed8c3b2
SHA512 68e9fa36bcec381e32304586b8611c4e8147ccab50334e94301fc41d15a0325917e3589db445403ac0fc281420491b9650d88daefcc2675a9c22159c1f8963d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd48bebc6ce244b6dd759787c8e2f19b
SHA1 144b3f1b97ead1e69f358f1575ee354129660eb8
SHA256 cc80fe19358f63220b9eea9431e71c115c4ff20d92ebe984804f4594e1a44448
SHA512 45c2145ae2f927fcefb6a1d4584f5e1d6ae552b306cbb565e36613073f676e1428cdf3adcba2f71c07dbd8d5729ddf8f9de39e217c0ecf75acf6fb737c6baa10

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b82ec662829639f30e2a181a2129614
SHA1 098cba2153710433a29e31250fbe768fa33882fd
SHA256 65e25812a69fce33994391416a8e6253f11940b47ceb41af564072fa75c373e7
SHA512 8f2d5532113e92095d583babda41b8d4da99c10454464bb75502712e5b7b4a7ffb7572aa5ce543697ce200ee85ff5b1cc23cb5d81b3ec8bfa44749adc6bdfc36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2832b2394a2dd701bbf7ab7aa687452
SHA1 1730df8abed2da0dc8e8b3353342ce6f2886091c
SHA256 017b9c2ade5dc44c46c3437a9769ae647ce6bc77dfa84660f841274a0db90404
SHA512 e247d5faaad5d76b1fd96402fae75ba6cafe28c08e7019a6f481153ada8f9272f3e8bdf791b86a445b795cbc404aa86ff3c626688fd2550135ed180c10985159

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 312877f6f1939a26403d2e6e27b89929
SHA1 cc3d07d4406565f23dcc650e2a6e3f0cf97f90e6
SHA256 e2aaa8f6027910667f6e9b028291bab4ecc737c031139d6256266d31aeaf6e13
SHA512 3f4bffbdf5e136b379e4059d94af8921f83f1fe350875eda46f16ad72dd01d0958bad183733ffae9f6e245504aa4e578f5d62880d777370065c5002732e7739d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c1f718c8a4de9ac271d2f913b8269a6
SHA1 85afc2b7a355fa4057142d3a737cc03d8194a57f
SHA256 f13110fbe88e41e8ce6b150308c858b1b20093abcd34e4e2afdcd50031db5cda
SHA512 c88b35b791f4009f0c13a2fd0b7c6564842772b8f671ad84eff961905f672895fb525dd8f29a56ffa6ce729c6dc309befe5df93fb5788ce5b36597cc120fab8d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dbb4ca2ad04e91b0559a1f16c8ec08be
SHA1 c7cab348a14f3833f4b916a53c4a26e72ba23dc3
SHA256 b0f2f592e87ff2bc99df4f96eb744a472778bd59c7cf436b590c506edbd31653
SHA512 7f10527d0a348e7668f58499400f67b1eba0143957ac6e1122ba94f103474f4d5c442f28aad59ee467cf0aaab5e774371547c7367243a81e8457dbf8edaecd97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be20d7a7f3ccbbf6c7653ade8daf66dd
SHA1 01d0a5d540a04baf5b84d7d55c2566737b4f4e3f
SHA256 2989df4118675fbbf50a28de3a1c6704e71c16c5e6e5151da384b3f788d8a85e
SHA512 103ed7115a9bfd91414634d5d9b694598c033faa5880b71482a2897d7286865d4ea0653c1efd4191a5f80ef0e4c1f349034732775f320022dcf91c936f62582a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a6dc935d84f199ba4fd6efe6b8b008cf
SHA1 c86b6bce02f4e28449190237840e0d187a60b4ce
SHA256 f55fca24632476f33af47e416f29f527ee3ec6a598cc1e49b2dca809751f4d89
SHA512 49b25eb5290d81ab5aaa76a2c0f3273f96fd52cea48d0a5a530dde1f8450b250a38506affd3245b8d1c5b003938c8dc7a9c954a3ae225bd6293aa29a27e0b17c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3aa9be44edb7a17d53586a11dbb97512
SHA1 3400e9b93aa66819cc1c6ea672d6b6b968721e53
SHA256 2d4258ab6896d76098803ffb7b2fb424ee9cb5a98ee1f975413dd416e14f847b
SHA512 7a3114c4fd42d469fecda55a6b8511ee0f5922bde2edaeaa844796ffdebaa0f1b9ad03f4357c7a56804f304b65257f1cd718a3ffce2a3e4aacb7d43cdb7043d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a3f87bf47a3e62cb2fb79c1c9cff7dc
SHA1 50afa1e27252cfb75fdfa37f4c5f81dc48c5bc13
SHA256 a4b1214004e322f3270dc7628d0ba4c5024bcc6f4684fa0400162521c61a3b1e
SHA512 5c447d0dc03ba20061c0827e5a94de1d512c6b009f7740df7bf065674da87d8610257e090d0bb50353750875a46fc03693731627742a7da5b27bb76661735e65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f3e4bb8996a52a5382930a4995d93e7
SHA1 330caacdf5e9c48478c208ae2e93fe82ae0052e7
SHA256 59a67946c41b220347c4859becda1bc691a43a192419d9cda3f1745581f7d01d
SHA512 cb5cdce03bae82d2b746d381ea373e5b13e6f0f2a25a44e9dddeca99839e8a9afc53fa9481bfd6a743da618397b20172ed5df4c8719cd499f3e09a5acd871d0b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c1b44a7222ddbeefbd67815ffce1b41
SHA1 faf1eec60efbdc8ac69c6b88305feecabfa24239
SHA256 d98412371361743fb89abf76cbd2881ee93543ac581c9adb6650fbe508fe108d
SHA512 e4a0ad8a9aed37c2b1c25a3ae01fdcc48f309478879e0467f3069cce10319e678eb11995afe65d0087dbcd40bcb36ab4aa28453f230aeb2322cf17de09b8e98d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 038529f710526a0a31729ecf5dc1475f
SHA1 6548a404e09aa92b1fe32a466cb050edf82b48ff
SHA256 f4e0b2784491565523a26ded02e2ca316fc6cc26542e06ee1c714209e06ba813
SHA512 e2b1d298115a3f2da0ecbd6bf711fcc4646dc0b37ac2e243ff0b8b81530c800361e1a1520599e9e5c2d62cd3a96759ceb37edadbf99d27af67ad054dcff940d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cdfb7242f774e6c991556c0fd44f9a82
SHA1 61b86b748151b4993f8739bfddbdf869fd6813f1
SHA256 690f2ff3255fc7583e47aba1388c106a73934d0adbd8b45fffbf51d4f458e99c
SHA512 73e17f1bc6924668fb6fd5798accef4e6364da5848ff194a3fcadfb250292d955a84aa17aaa0d255421173a9630036e4a707940f9a4e533413501dcd5b0a90ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01f10bd3b913db7b9b2d43cc4acd7733
SHA1 de3631fdb242e4a2017c712ea191bfb9428b3a14
SHA256 f0f00775a53b02eead10fd3a57329ec4805c48352b8553a463eaa4815dcb0997
SHA512 6eb80770e940af8f01a590c0579da6c4897a49ff50db2362e0ef40c0251dcfcd57e99a6f774e2e666af4d7f7835916d13d54e65e066a4b35c5e29f9dbbdf5dd5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f3ef6bc37b45bbd9206d4231e21c11b
SHA1 8a0108586ae4e630593cccfd260b44942a3d021a
SHA256 927663430de9e2cd97bc778c5040fda30cda514819acbc06cf0d66d2c1d41ca4
SHA512 60e943cfcc4b253706dfd4ce51a6771707f7f9b79a84e481f9168010ac0b40b75f741cb684b0109b5e58de4903578c4b071aa0546f68139f14d15ff8f68a5c87

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-04 01:52

Reported

2024-11-04 03:56

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe"

Signatures

Checks whether UAC is enabled

evasion trojan
Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe | N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\8e90af6cc31cafd37c5848fa12c61c61_JaffaCakes118.exe"

Network

In this run the sample is the only process recorded and Internet Explorer was never launched, yet www.gamecentersolution.com and www.fenomen-games.com were still resolved and contacted over port 80; that attributes those two destinations to the sample itself rather than to the browser. The in-addr.arpa PTR lookups and the tse1.mm.bing.net connections are consistent with Windows 10 background activity in the sandbox and are not attributed to the sample. The final row has no domain recorded.

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 www.fenomen-games.com udp
US 8.8.8.8:53 www.gamecentersolution.com udp
US 159.65.253.100:80 www.fenomen-games.com tcp
US 184.72.55.36:80 www.gamecentersolution.com tcp
US 8.8.8.8:53 100.253.65.159.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 udp
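Both Network tables mix the sample's own traffic with sandbox and OS background traffic, and the behavioral1 process list carries the one URL the sample hands to a browser. The following is an added example, not part of the report or the sandbox: it parses rows in the report's "Country Destination Domain Proto" layout (including the final row whose domain column is empty), discounts the sandbox resolver, reverse-DNS lookups and Microsoft/Bing names, keeps the remaining domains together with the peers actually contacted for them, and splits the iexplore.exe command line to recover the URL and its CID/AID parameters. The rows and command lines are copied from this page; the noise-suffix list is my own assumption and should be tuned to the sandbox in use.

```python
"""Separate sample-attributable network indicators from sandbox and OS noise,
and take apart the URL the sample handed to Internet Explorer. Added example;
the rows and command lines below are copied from the report."""
import shlex
from urllib.parse import parse_qs, urlsplit

# Rows taken from the behavioral1 (Win7) and behavioral2 (Win10) Network tables.
NETWORK_ROWS = """\
US 8.8.8.8:53 www.gamecentersolution.com udp
US 184.72.55.36:80 www.gamecentersolution.com tcp
US 8.8.8.8:53 www.fenomen-games.com udp
US 159.65.253.100:80 www.fenomen-games.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 udp
"""

# Command lines from the behavioral1 process list.
IE_LAUNCH = r'"C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=570'
IE_CHILD = r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:432 CREDAT:275457 /prefetch:2'

SANDBOX_RESOLVER = "8.8.8.8:53"   # the guest's DNS server: its rows name a domain, not a peer
# Names the guest OS and Internet Explorer contact on their own (assumed noise list).
NOISE_SUFFIXES = (".microsoft.com", ".bing.net", ".in-addr.arpa")


def parse_rows(text):
    """Parse 'Country Destination Domain Proto' rows; the Domain column may be empty."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = ""
        else:
            continue
        rows.append({"country": country, "dest": dest, "domain": domain, "proto": proto})
    return rows


def is_noise(domain):
    return domain == "" or domain.endswith(NOISE_SUFFIXES)


def extract_iocs(rows):
    """Unique non-noise domains, and the peers actually contacted for them."""
    domains, peers = [], {}
    for r in rows:
        if is_noise(r["domain"]):
            continue
        if r["domain"] not in domains:
            domains.append(r["domain"])
        if r["dest"] != SANDBOX_RESOLVER:
            peers[r["dest"]] = r["domain"]
    return {"domains": domains, "peers": peers}


def split_launch(cmdline):
    """Return (image, url, query) for a command line; url is None if it carries no URL."""
    argv = shlex.split(cmdline, posix=False)  # non-POSIX: keep Windows backslashes
    image = argv[0].strip('"')
    url = next((a for a in argv[1:] if a.startswith(("http://", "https://"))), None)
    if url is None:
        return image, None, {}
    query = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    return image, url, query


if __name__ == "__main__":
    print(extract_iocs(parse_rows(NETWORK_ROWS)))
    print(split_launch(IE_LAUNCH))
    print(split_launch(IE_CHILD))
```

The domains survive as indicators even when the contacted IPs change; the CID/AID pair is worth recording separately, since the same download page can be handed out with different values by other droppers of the same family.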

Files

memory/4040-0-0x0000000000400000-0x000000000055B000-memory.dmp

memory/4040-15-0x0000000000400000-0x000000000055B000-memory.dmp

memory/4040-17-0x0000000000400000-0x000000000055B000-memory.dmp