Analysis Overview
SHA256
9b4b37cbb9845b093867675fb898330a8bd7ed087d587cba8cd21064c9a6e526
Threat Level: Known bad
The file d2ea1565ae004368655edb5169b56a0f_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Locky
Locky family
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-07 14:25
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-07 14:25
Reported
2024-12-07 14:28
Platform
win7-20241010-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Locky
Locky family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d2ea1565ae004368655edb5169b56a0f_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\d2ea1565ae004368655edb5169b56a0f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d2ea1565ae004368655edb5169b56a0f_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| SK | 91.219.30.254:80 | | tcp |
| UA | 91.234.32.192:80 | 91.234.32.192 | tcp |
| KZ | 78.40.108.39:80 | | tcp |
| RU | 31.184.196.78:80 | | tcp |
| RU | 31.184.196.75:80 | | tcp |
| US | 8.8.8.8:53 | yjyrqviftvlqocx.tf | udp |
| US | 8.8.8.8:53 | ihxeaflexeius.tf | udp |
| US | 8.8.8.8:53 | rflyprlgbra.eu | udp |
| US | 8.8.8.8:53 | fkdvvfyn.eu | udp |
| US | 162.249.64.244:80 | fkdvvfyn.eu | tcp |
| US | 8.8.8.8:53 | opysjm.pm | udp |
| US | 8.8.8.8:53 | jydwexasuwbcyt.pw | udp |
| US | 162.249.64.244:80 | jydwexasuwbcyt.pw | tcp |
| US | 8.8.8.8:53 | lsdrxvrphsmy.us | udp |
Files
memory/2528-0-0x00000000003A0000-0x00000000003A4000-memory.dmp
memory/2528-2-0x0000000000400000-0x0000000000446000-memory.dmp
memory/2528-3-0x0000000000400000-0x0000000000446000-memory.dmp
memory/2528-6-0x0000000000400000-0x0000000000446000-memory.dmp
memory/2528-8-0x0000000000400000-0x0000000000446000-memory.dmp
memory/2528-10-0x0000000000400000-0x0000000000446000-memory.dmp
memory/2528-12-0x0000000000400000-0x0000000000446000-memory.dmp
memory/2528-14-0x0000000000400000-0x0000000000446000-memory.dmp
memory/2528-16-0x0000000000400000-0x0000000000446000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-07 14:25
Reported
2024-12-07 14:28
Platform
win10v2004-20241007-en
Max time kernel
140s
Max time network
144s
Command Line
Signatures
Locky
Locky family
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\d2ea1565ae004368655edb5169b56a0f_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\d2ea1565ae004368655edb5169b56a0f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d2ea1565ae004368655edb5169b56a0f_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.139.73.23.in-addr.arpa | udp |
| RU | 31.184.196.75:80 | | tcp |
| KZ | 78.40.108.39:80 | | tcp |
| UA | 91.234.32.192:80 | 91.234.32.192 | tcp |
| US | 8.8.8.8:53 | 192.32.234.91.in-addr.arpa | udp |
| SK | 91.219.30.254:80 | | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| RU | 31.184.196.78:80 | | tcp |
| US | 8.8.8.8:53 | yjyrqviftvlqocx.tf | udp |
| US | 8.8.8.8:53 | ihxeaflexeius.tf | udp |
| US | 8.8.8.8:53 | rflyprlgbra.eu | udp |
| US | 8.8.8.8:53 | fkdvvfyn.eu | udp |
| US | 162.249.64.244:80 | fkdvvfyn.eu | tcp |
| US | 8.8.8.8:53 | opysjm.pm | udp |
| US | 8.8.8.8:53 | jydwexasuwbcyt.pw | udp |
| US | 162.249.64.244:80 | jydwexasuwbcyt.pw | tcp |
Files
memory/3492-0-0x00000000021A0000-0x00000000021A4000-memory.dmp
memory/3492-1-0x0000000000400000-0x0000000000446000-memory.dmp
memory/3492-4-0x00000000021A0000-0x00000000021A4000-memory.dmp
memory/3492-3-0x0000000000400000-0x0000000000446000-memory.dmp
memory/3492-7-0x0000000000400000-0x0000000000446000-memory.dmp
memory/3492-8-0x0000000000400000-0x0000000000446000-memory.dmp
memory/3492-9-0x0000000000400000-0x0000000000446000-memory.dmp
memory/3492-12-0x0000000000400000-0x0000000000446000-memory.dmp
memory/3492-14-0x0000000000400000-0x0000000000446000-memory.dmp
memory/3492-17-0x0000000000400000-0x0000000000446000-memory.dmp
memory/3492-18-0x0000000000400000-0x0000000000446000-memory.dmp