Malware Analysis Report

2025-05-06 01:36

Sample ID 250105-3hjsxaypb1
Target JaffaCakes118_0177c423d33507eb5acfbf6180035561
SHA256 22600bf939213458b0c557700031593aaf9fe0c2cd90fc330e29748ec66adb03
Tags
guloader discovery downloader
score
10/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
  Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
10/10

SHA256

22600bf939213458b0c557700031593aaf9fe0c2cd90fc330e29748ec66adb03

Threat Level: Known bad

The file JaffaCakes118_0177c423d33507eb5acfbf6180035561 was found to be: Known bad.

Malicious Activity Summary

guloader discovery downloader

Guloader family

Guloader, Cloudeye

Checks QEMU agent file

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious behavior: MapViewOfSection

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-05 23:30

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-05 23:30

Reported

2025-01-05 23:33

Platform

win7-20240903-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0177c423d33507eb5acfbf6180035561.exe"

Signatures

Guloader family

guloader

Guloader, Cloudeye

downloader guloader

Checks QEMU agent file

Description Indicator Process Target
File opened (read-only) C:\Program Files\Qemu-ga\qemu-ga.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0177c423d33507eb5acfbf6180035561.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0177c423d33507eb5acfbf6180035561.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0177c423d33507eb5acfbf6180035561.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0177c423d33507eb5acfbf6180035561.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0177c423d33507eb5acfbf6180035561.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0177c423d33507eb5acfbf6180035561.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0177c423d33507eb5acfbf6180035561.exe"

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0177c423d33507eb5acfbf6180035561.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0177c423d33507eb5acfbf6180035561.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.gsmcommerce.net udp
TR 94.102.1.96:443 www.gsmcommerce.net tcp

Files

memory/1992-2-0x00000000003E0000-0x00000000003F6000-memory.dmp

memory/1992-3-0x0000000076EA1000-0x0000000076FA2000-memory.dmp

memory/1992-4-0x0000000076EA0000-0x0000000077049000-memory.dmp

memory/1992-5-0x00000000003E0000-0x00000000003F6000-memory.dmp

memory/1496-6-0x0000000000400000-0x0000000000553000-memory.dmp

memory/1496-9-0x0000000076EA0000-0x0000000077049000-memory.dmp

memory/1992-8-0x00000000003E0000-0x00000000003F6000-memory.dmp

memory/1496-10-0x0000000000400000-0x0000000000553000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-05 23:30

Reported

2025-01-05 23:33

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0177c423d33507eb5acfbf6180035561.exe"

Signatures

Guloader family

guloader

Guloader, Cloudeye

downloader guloader

Checks QEMU agent file

Description Indicator Process Target
File opened (read-only) C:\Program Files\Qemu-ga\qemu-ga.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0177c423d33507eb5acfbf6180035561.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0177c423d33507eb5acfbf6180035561.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0177c423d33507eb5acfbf6180035561.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0177c423d33507eb5acfbf6180035561.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0177c423d33507eb5acfbf6180035561.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0177c423d33507eb5acfbf6180035561.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0177c423d33507eb5acfbf6180035561.exe"

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0177c423d33507eb5acfbf6180035561.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0177c423d33507eb5acfbf6180035561.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 www.gsmcommerce.net udp
TR 94.102.1.96:443 www.gsmcommerce.net tcp
US 8.8.8.8:53 148.101.18.2.in-addr.arpa udp
US 8.8.8.8:53 96.1.102.94.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 www.ruchihospitalities.com udp
US 162.241.85.38:443 www.ruchihospitalities.com tcp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 88.221.134.89:80 r11.o.lencr.org tcp
US 8.8.8.8:53 38.85.241.162.in-addr.arpa udp
US 8.8.8.8:53 89.134.221.88.in-addr.arpa udp
GB 88.221.134.137:80 r11.o.lencr.org tcp
US 8.8.8.8:53 137.134.221.88.in-addr.arpa udp

Files

memory/1876-2-0x00000000021F0000-0x0000000002206000-memory.dmp

memory/1876-3-0x0000000077501000-0x0000000077621000-memory.dmp

memory/1876-4-0x00000000021F0000-0x0000000002206000-memory.dmp

memory/1876-5-0x0000000077501000-0x0000000077621000-memory.dmp

memory/1876-8-0x00000000021F0000-0x0000000002206000-memory.dmp

memory/4932-9-0x0000000000560000-0x0000000000660000-memory.dmp

memory/4932-6-0x0000000000400000-0x000000000055D000-memory.dmp

memory/4932-10-0x0000000000560000-0x0000000000660000-memory.dmp

memory/4932-11-0x0000000000400000-0x000000000055D000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\39154BC098F8D099CA8351CC7D4C5A31

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\39154BC098F8D099CA8351CC7D4C5A31

MD5 e629a80364df86654dca53c49a4f98ae
SHA1 7926e76f28e2cd1e6bfe6f41ad659da5bed5e4a3
SHA256 198a077d54d11b9d79a8361f9334c1195ffb5250bdcaf8cd940f1384bff8f417
SHA512 37156029004d091906984df8ff1562f14db00014c1b3437c0ffbc3c7482ec69844facc8ca1905138afa6a24c5b5d981d03981eca866b9d037dcb65e1d803a9c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\39154BC098F8D099CA8351CC7D4C5A31

MD5 c336f7c924aa788bbe67a9439a94d0d4
SHA1 cb8887e521e967012b5cce91075b245f654cce26
SHA256 cf4d191e48ac1c59e8bd2f22c9c577110c86de8faeffb197dab3bb44a33f2946
SHA512 95ebfaf53e0e96c823f70a26b5ea465c5ed7d151efd770b1b0777a14732692c6a888a896365fcf74437baccf5b1041daff2a0693b70b7127c1255b4014321ce9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\39154BC098F8D099CA8351CC7D4C5A31

MD5 be03a882f6128efad98a06e0adbd34bd
SHA1 dda795e9e096ceefa09277c069ebda3bd160a721
SHA256 960097c45c628d5f2cdf560c3ec57910ad6ac4519f7cb567cac40521f7f4189c
SHA512 e4e6afadcccc09691a38b109e233ac34970a349f53683d7a7b94b055e2808ad54a93577afef7145c2c1eb6167a3a2f582f9f66d13dbd584a7150e4cbb39856f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\39154BC098F8D099CA8351CC7D4C5A31

MD5 8f2965b4492e6634d63bc5c17fcfd8e0
SHA1 cf095d72af02f3441d583b4e7dd9759f579b8fd3
SHA256 8c6ffd9af00e505de278bafe8017cd01553cc0d40984ccac25f4e6f09f16977a
SHA512 6c2135e8a0e99b7e1c5dd8ff88f1710592c44f064314fdda3896fbee677d554fea28b25fde8287b0214d11a6ca585d9415bfc538ae4e147612fccd276cecdb78