Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
05-01-2025 15:14
General
-
Target
JaffaCakes118_aca82e949ab5af392482acacf334cb07.exe
-
Size
244KB
-
MD5
aca82e949ab5af392482acacf334cb07
-
SHA1
a74a1cd1bebc9952eeb4d9ece7938d7785299727
-
SHA256
b56895ad77349d2e59946aa9abf61722715a1382e937e4176551dc285791623d
-
SHA512
f982dfb3be1e2d689d83fab7c8579eeee8d7845a8f29b47ab092abcf1e30a6d96e5685c11240cc9915a8fc57479d6d59f291f180786e7b6dc26d3796d901bcc9
-
SSDEEP
3072:WyQC2mC/zuw10GGQ++vroMTPjg/2Y2KfdkYq4vjC3IxbOaeOuMkBAOE6lLxSPNlm:jKuwvJUdkqjtbwqkmOVlLxSG
Score
10/10
Malware Config
Signatures
-
GandCrab payload 4 IoCs
-
Gandcrab
Gandcrab is a Trojan horse that encrypts files on a computer.
-
Gandcrab family
-
Unexpected DNS network traffic destination 64 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Windows directory 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_aca82e949ab5af392482acacf334cb07.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_aca82e949ab5af392482acacf334cb07.exe"1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns1.wowservers.ru2⤵
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup carder.bit ns2.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\nslookup.exenslookup ransomware.bit ns1.wowservers.ru2⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD5f1ee245967da5592c9408796589deab2
SHA18e60cc17afcd01fa09266f79338fc1b342dd8568
SHA2563833b3815134157abec2a0145a010159ee7d695550326da6adc00f379fd64d2b
SHA512e4cb867cffe79646b97ffe568c44678c4307b75482eca234013e963f938da73723c1c362a8432641567b4d51f58f8c83610ad6cc6d9adf355fe4db3977e2927b
-
Filesize
108KB
-
Filesize
176KB
-
Filesize
612KB
-
Filesize
612KB
-
Filesize
92KB
-
Filesize
108KB
-
Filesize
176KB