Analysis Overview
SHA256: f53aceec2dd2323f9ef02ba077f140f2c968762bde3e6c19be892ad09697f3cc
Threat Level: Known bad
The file bca11b7e7f05b428e5d096fced90b03b_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Panda Stealer payload
PandaStealer
Pandastealer family
Loads dropped DLL
System Location Discovery: System Language Discovery
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-12-03 08:52
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-12-03 08:52
Reported: 2024-12-03 08:55
Platform: win7-20241023-en
Max time kernel: 118s
Max time network: 119s
Command Line
Signatures
Panda Stealer payload
PandaStealer
Pandastealer family
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bca11b7e7f05b428e5d096fced90b03b_JaffaCakes118.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bca11b7e7f05b428e5d096fced90b03b_JaffaCakes118.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bca11b7e7f05b428e5d096fced90b03b_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bca11b7e7f05b428e5d096fced90b03b_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\bca11b7e7f05b428e5d096fced90b03b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bca11b7e7f05b428e5d096fced90b03b_JaffaCakes118.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\CDIResData\CDIRes.dll
| MD5 | 2adaa6733c5cf480d52824b977772dbe |
| SHA1 | 88b4dd86e812c0327e9cc8ea6344af0b91cf6a74 |
| SHA256 | 498aef2e80850094b09578cc54ce0a4a79d8881229c28ba5ab4c888eacb71c71 |
| SHA512 | 0e27bf90bb9f467e94dd8eb76131ae29049de9df8f3070446053d2164d1d7f2b9b41474b27349489e126365e9c34850d9a42c4fad0f63b23ad46f075a8d6d579 |
C:\Users\Admin\AppData\Local\Temp\Script.ini
| MD5 | 00ce10a19fdfa5b5cfba4f5d8e371683 |
| SHA1 | f23998163617df6f42a0c3ea730cbbb869cfc410 |
| SHA256 | 046b66aed0f0673433cf4ac68003488245eac2748b402f1f4b062fabc2d34af5 |
| SHA512 | cfb914f7dc56ba4d8eab964b975211bf8eb7d6a640d28885e7f90438a5cd70a3dc6a2616187c0bdea59a580ff5680dec36239e620a1f0acc4d3ba296267deae1 |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-12-03 08:52
Reported: 2024-12-03 08:55
Platform: win10v2004-20241007-en
Max time kernel: 98s
Max time network: 142s
Command Line
Signatures
Panda Stealer payload
PandaStealer
Pandastealer family
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bca11b7e7f05b428e5d096fced90b03b_JaffaCakes118.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\bca11b7e7f05b428e5d096fced90b03b_JaffaCakes118.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bca11b7e7f05b428e5d096fced90b03b_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bca11b7e7f05b428e5d096fced90b03b_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\bca11b7e7f05b428e5d096fced90b03b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bca11b7e7f05b428e5d096fced90b03b_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.125.209.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.125.209.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\CDIResData\CDIRes.dll
| MD5 | 2adaa6733c5cf480d52824b977772dbe |
| SHA1 | 88b4dd86e812c0327e9cc8ea6344af0b91cf6a74 |
| SHA256 | 498aef2e80850094b09578cc54ce0a4a79d8881229c28ba5ab4c888eacb71c71 |
| SHA512 | 0e27bf90bb9f467e94dd8eb76131ae29049de9df8f3070446053d2164d1d7f2b9b41474b27349489e126365e9c34850d9a42c4fad0f63b23ad46f075a8d6d579 |
C:\Users\Admin\AppData\Local\Temp\Script.ini
| MD5 | 00ce10a19fdfa5b5cfba4f5d8e371683 |
| SHA1 | f23998163617df6f42a0c3ea730cbbb869cfc410 |
| SHA256 | 046b66aed0f0673433cf4ac68003488245eac2748b402f1f4b062fabc2d34af5 |
| SHA512 | cfb914f7dc56ba4d8eab964b975211bf8eb7d6a640d28885e7f90438a5cd70a3dc6a2616187c0bdea59a580ff5680dec36239e620a1f0acc4d3ba296267deae1 |