Malware Analysis Report

2025-08-05 16:58

Sample ID: 250127-zbyrpsvnhk
Target: JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630
SHA256: a59f4e9896c128232dd7df54e68fe550688527348b57fdc79a355b82d9352285
Tags: discovery
Score: 3/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 3/10

SHA256: a59f4e9896c128232dd7df54e68fe550688527348b57fdc79a355b82d9352285

Threat Level: Likely benign

The file JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630 was found to be: Likely benign.

Malicious Activity Summary

discovery

Unsigned PE

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-27 20:33

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-27 20:33

Reported

2025-01-27 20:35

Platform

win7-20240903-en

Max time kernel

121s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe"

Signatures

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Tags: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e2b60a113624754ca09e04382d0e78f00000000002000000000010660000000100002000000046db46e7802300c2d68bf2d3fadfe69deb9fba8d8d25e105a5a0058c59f7138f000000000e80000000020000200000006769abc79234c4c7dc245e21aa0f8b26ab8c541d7e6ee8d90b7eea608f36c0e420000000844204c67920287ac323a017eb5a5aea48eb5d020ff824ff34cf11b2a08a9b5b4000000005485133eb237a076d0ca5851729346fc202a0c78466cce5e100d60dfe3bd84cc78bddfaa8e91c600c71ba822ba4f53414c26e3be55f52f12189ea04dd5a89b5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F65A2731-DCED-11EF-8B05-6E295C7D81A3} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 004614cbfa70db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444171874" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.flvtube.net/12224

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1248 CREDAT:275457 /prefetch:2

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | www.flvtube.net | udp
US | 198.58.118.167:80 | www.flvtube.net | tcp
US | 198.58.118.167:80 | www.flvtube.net | tcp
US | 198.58.118.167:80 | www.flvtube.net | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp

Files

memory/2384-0-0x00000000001D0000-0x00000000001D1000-memory.dmp

memory/2384-1-0x00000000001D0000-0x00000000001D1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CabCA54.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarCB03.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ed9d29837424f875a69162a65fa1035
SHA1 3911548f8236b3e56365b709b2d9238989754ba9
SHA256 9b3460c2e86e46fb836ef1f6b337380bef0c0c6b95c1afc365335b30a93cd973
SHA512 1f4f669fa49b7e4cc35fba5458534b59535964b495500f20a40d8f0b6d8c188c240c8a85fbb9aad75a3190e71ba69e6d2580142eaecc23b6ae0e8ea2497ea5c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d328ad55b007417c757d248ea832581
SHA1 644975330d9581d6902062b13941f2a959893d28
SHA256 692d0973e1e3f374e7bcac951b3793002a114d57487186aa5f6b46b60291c050
SHA512 97deea4a2a56df859799b2184e7d05d865eb93c392d311cf62d53c48f303b53a0a8119084eb45f42549a843164514107812f594b2cd465b794abe41203c1cc81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef2eddfcd1b84a57ee116db7faedc120
SHA1 ea649b41387c41c6d35e54ae00425489f1ec25ca
SHA256 f596aa216c5162dd63b1620df83ec4286c45906eb2fdc950461b6eb72faf6902
SHA512 72a8aa0c2d9bc288245b5ba382c4291ebd0d4f6c56116120e2278ceb975309fbef52bb3c933348f38df796acd36b3e7f70d8306dd6fd8fc69e7701b9b123d80e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77bf5f1b0bd069f76d135593c7020f75
SHA1 d8882efbe948bae1ed6877060fb80c5648341c38
SHA256 8245a1b4fef938392d2a3e8d6d52c6640d07b485bfaacb6782094bee9d577db3
SHA512 89d092a03f249f31da2a16f789d3985c297951fc2f492ef9dddb152ecd08bba69a15ebef8d0f9dd7313a1392995c601c7f4678c8e8c73f8f05128ecd8494ab25

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a5d5776ffacb7f86c65bf8d88b2e2c6
SHA1 67511ad54754abc27694ad36a1ca7e56a706584d
SHA256 6dc553dbef03bb597e9855804428ff93604f47cbc0977528fb757a9edbb8ba20
SHA512 516b84b135f77ad06892621d9879b4d8921c2c1136256f23a3e5309deb808eaf1479202d9e86741a3be47d3a75677b4dd40bc4c497e0984e86b1ba52edd67a9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a39b5cbeb00ae1f1096e1c82f613e8c1
SHA1 2864a4f1843e249bbc27ecd35caafde5ed087d4f
SHA256 7895e7fafefa09d0d64b00823a0d453c84e3f84761ec51817818090784b1c1f5
SHA512 2ac2e20843a67aaf9de4bb95e907245b2ac7f35d565525568b894696263db12a0f02969adfbf7a7b9b45632be95641c0b1ddf3e08859930d8641a6214ec841f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9296d59c819eeba7734e6896a3f2416d
SHA1 bb153564dceb3c889031dbd60c519a3808bf8465
SHA256 defa71f2178a01a26e604af0997db9c4619d959550dce1e437a7c5f62d234d80
SHA512 7b7741ba6378859cf44c78c4f1136918c4c7346550dcfa088dc21db5f3fb7d2a960371794bf10849349535fef4f43cb5236f870f0f909f78b880e3d8bad91cc9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8ee18eed7c05a152c16d85f5629d5f9
SHA1 3ee13751cfd9898ed2bbfbffaeb7291790f938f4
SHA256 779fce436e0c0425df1b651a940ef5d49997b2168c106a8f74618cced90de43d
SHA512 508c99195c6d8b06b67b60340951fcd734b9fddba3b5187fb7843f0c750f0eeeca1b7abc7b7e26c6006715f12627f8f9d2760dc4496c057b430a6d57fffef844

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8978a83306d0f80821068e19dcbd45eb
SHA1 4931235d1808bb242c39e53e0040e82425996ca1
SHA256 07b23e31fa2163b819b915d45bea779efd6a8dbce2b78d6c9689f29022df12d2
SHA512 043c5dae1c904d9681d9658167c93f9e231890d2a000f9b265388c075d249e0f034c4727f063bffa97bb6d893316633e63c1c9c4edc8a64684a4724cd664de10

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b591d5b5bc854996c46f354ff08a703e
SHA1 c27f5a773310c9f47691db82a13247758dcaaf36
SHA256 f85b6f60692928640494fd8d242a6e8c00f97c6b249b98f0368fd0d2eb009028
SHA512 d60f2e0fba94e489dead926021ce25a73f1e0739432ba4614bbcdd17a9fe1c074c4b3c6ae59cfc6f3f597deb525f8539a3520ccdb508b8b3df864a489e276047

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20302650a4a80ea8f06544e5d42b264b
SHA1 7bb88e7f7e177080bd567ea47d1783c28899f221
SHA256 c637748b031375be70138102c2cb7de04a74191d1734d2bb462d15cc8a470934
SHA512 72eaa6745526bec5fd231fc637ce30f1fc398edc082c317605feed79ce3cac9a9789f3510a5916a96c0bd7940d2ee966335938e4ed37fba9e8ec5006840f25d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74df6b7111af43b6da603c0dd558c165
SHA1 5b227a51031e3cfefb9d80d137c1f1e06765c089
SHA256 d51147d23fb938497fa9e645e2d276837361a615c4e86e6562e0621e1bb4b0bb
SHA512 4f5f49a6dcd18d3dee936a37ae536c02ba7f0ab0b79fb50a8df23d10636a6baf7431f5642b2913a5904693f9248f35fbf6537cfdac826510e40dc26ef1ee64b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d073f3b8e4c8b1ca54ac05d0f6309896
SHA1 66421636c6e52a4dd41aa325f9911592cffb69e0
SHA256 1466fc9476a2f0bf6bd43b3a808155614f329258de066b1dd0cc0f048d46d8ea
SHA512 737946d14566e6dd8a8732e57c573b9774f332308fefb449c19c3027bbfaecb7ec4f31673a4a735854e974d273644ae85a6ff74c73e144e6cb7186216de8be3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd6ff487c320978a6f4e1e20b273cc76
SHA1 f91c4d57b734b488eec7c2419e1388ee31b2fb1f
SHA256 c0f7e552498e8a7cac4bb5bd42a2231b378d4c9b58580af91f63a8d54e39a8ff
SHA512 e34d9a0f05e8dba64e1799588521cca25e40d6ba185d3daa3526efef8eb3214d8ed518ed2fb55513e3c87cfbaa70051278b65cb9ee3309b1ebbc360893cc504c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b94f7224aab0ef9d975654ce1af1fe0a
SHA1 b5d2da0d35b415d250f81d5d4b9621180c964752
SHA256 a93f6721c4dbea69e403192a8561f737f549e9141210298bf511acfedf013152
SHA512 34ed8ee233ed63cf0fefef623936e2c1f1b7575ea94af3d945d3fe957914ecb30a1ee0c621c02351c9c8ffb5b18a6db19324afa0f8212a79e48278e489ae6627

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f2be240c2440279634046b4e618aaa1
SHA1 2f5a9282ef12f46df9b5421497346c08ecb006a9
SHA256 dca901fe24ebf94dc77238dfe6278eec3b320eda87f1e2c70b4e9888c68ec863
SHA512 2a291705dabbf6f21b802caa35beba99d3f2a189eb3cac79fcb23fcf5857c6cc12376eba8ab6335ef4fb6bffcb2c5376315baee83dc833df388330985b31d0bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63f061498ce3f098b77c4130f150cebb
SHA1 0ca27f0504d97e05181d7b5fc549789451e9d9d6
SHA256 55a90243eaf6c1344580ed519b5e36db5668c92fc72bbac8e0c0d2de4e8556bc
SHA512 ad9f7bf08907f66768218e3be242234b4bdbb8681aba50fc515c711f16b60f9adbc9d07225534a655a82fddce86ce14d814f91ebbcace31e0accaec9e787bfa3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8aff0e863b62909f8c67071f5735148c
SHA1 4d26384512a497e8e0056cf2a7ad58ab6576b39f
SHA256 d6eebaf53a6d5b8cbea68d910106b4c04ee81f02d01071953c338ebc91100d35
SHA512 ac517ac1f390c09925541411b08e7823d8f4e72949af675ae6f8d6b600ccc5884499b6938a8564c84eaf6e10839ff611bab8bd86658e7dd375834fe44fb0b12e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 299c519a4ecb234d087508613ad95e46
SHA1 33ac29aa07bb0fdbaea53b619234464ee116c778
SHA256 34227b46268010a02eaefe881e8036ccadba3dd78234dd8f13e201851208c733
SHA512 f26c5c9a889eaf42216550f3c942c9787abd42012c8890fc994fdbaeae09edb2e25fafe134871d17bd66bd425401154db72690dc0ec584452bb40ff2cfdad440

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db6d705e66c769b01504262dc377390d
SHA1 aa40703587f19b57c1a9cbe4c0a8f7a4925a0e24
SHA256 ad362909d9132b775e335b6e9a653263f075c42aa96f74f0d636523f78eeca28
SHA512 8b27dce97a07f5f28362e764ebde26cff2af79657aa14fa2597d5e9b518e91d6a5be9562e2ba0ba02bcda36b4c84c18680911bc24e44ae60192b3e55d4d5b6c1

Analysis: behavioral2

Detonation Overview

Submitted

2025-01-27 20:33

Reported

2025-01-28 02:19

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe"

Signatures

System Location Discovery: System Language Discovery

Tags: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe

"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4370f30a8ff5ca6a92cb41dd5c6eb630.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 5.114.82.104.in-addr.arpa | udp
US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp
US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 |  | udp

Files

memory/1312-0-0x0000000001560000-0x0000000001561000-memory.dmp

memory/1312-1-0x0000000001560000-0x0000000001561000-memory.dmp