Overview

overview

10

Static

static

1

JaffaCakes...44.exe

windows10-2004-x64

10

JaffaCakes...44.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250410-en
  • resource tags

    arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    18/04/2025, 08:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_bd66a6eee0bf02dd7fcf60d45829f644.exe

  • Size

    255KB

  • MD5

    bd66a6eee0bf02dd7fcf60d45829f644

  • SHA1

    705146b1b24343bc39273e77d25fcbbd0c1de19f

  • SHA256

    2b891e8f9664e1840cce0a586c32a64cb6783e049954a635e3cb395035c182ed

  • SHA512

    433107b59a55e9fbc9a3c397e926e72f4c4421a698b07c36fd026d46251e6035514c35eb4293c0a94b7fb717651b98780bb053e867fc73d20dd4eb6797326760

  • SSDEEP

    3072:hrKfG3M1m58rYF62sSDxAhJi1psGNRz9DHLsRY/DWOJolPOSIgcs9ll7EvPFF7qV:hrK+3M1m58rA6rIsGHxD4RmcFH7KSzxv

Score
10/10
simdadiscoverypersistencestealertrojan

Malware Config

Extracted

Family

simda

Attributes
  • dga

    cihunemyror.eu

    digivehusyd.eu

    vofozymufok.eu

    fodakyhijyv.eu

    nopegymozow.eu

    gatedyhavyd.eu

    marytymenok.eu

    jewuqyjywyv.eu

    qeqinuqypoq.eu

    kemocujufys.eu

    rynazuqihoj.eu

    lyvejujolec.eu

    tucyguqaciq.eu

    xuxusujenes.eu

    puzutuqeqij.eu

    ciliqikytec.eu

    dikoniwudim.eu

    vojacikigep.eu

    fogeliwokih.eu

    nofyjikoxex.eu

    gadufiwabim.eu

    masisokemep.eu

    jepororyrih.eu

    qetoqolusex.eu

    keraborigin.eu

    ryqecolijet.eu

    lymylorozig.eu

    tunujolavez.eu

    xubifaremin.eu

    puvopalywet.eu

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Simda family
    simda
  • simda

    Simda is an infostealer written in C++.

    stealertrojansimda
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd66a6eee0bf02dd7fcf60d45829f644.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd66a6eee0bf02dd7fcf60d45829f644.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Adds Run key to start application
    • Modifies WinLogon
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4912
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\JAFFAC~1.EXE
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3208
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bd66a6eee0bf02dd7fcf60d45829f644.exe
      C:\Users\Admin\AppData\Local\Temp\JAFFAC~1.EXE
      2⤵
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:2656

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2656-64-0x0000000000400000-0x00000000004A3000-memory.dmp

    Filesize

    652KB

    Download

  • memory/2656-129-0x0000000000400000-0x00000000004A3000-memory.dmp

    Filesize

    652KB

    Download

  • memory/4912-0-0x0000000000400000-0x00000000004A3000-memory.dmp

    Filesize

    652KB

    Download

  • memory/4912-1-0x0000000000BA0000-0x0000000000C07000-memory.dmp

    Filesize

    412KB

    Download

  • memory/4912-2-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4912-3-0x0000000000770000-0x0000000000771000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4912-5-0x0000000000400000-0x00000000004A3000-memory.dmp

    Filesize

    652KB

    Download

  • memory/4912-4-0x00000000024D0000-0x0000000002582000-memory.dmp

    Filesize

    712KB

    Download

  • memory/4912-6-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-10-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-8-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-107-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-98-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-86-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-77-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-74-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-71-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-65-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-118-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-117-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-116-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-115-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-114-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-113-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-112-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-111-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-110-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-109-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-108-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-106-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-100-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-105-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-104-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-103-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-102-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-101-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-99-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-97-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-96-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-95-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-94-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-93-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-92-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-91-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-90-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-89-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-88-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-87-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-84-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-85-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-83-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-82-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-81-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-80-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-79-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-78-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-76-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-75-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-73-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-72-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-70-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-69-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-68-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-67-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-66-0x0000000002A10000-0x0000000002AC8000-memory.dmp

    Filesize

    736KB

    Download

  • memory/4912-131-0x0000000000BA0000-0x0000000000C07000-memory.dmp

    Filesize

    412KB

    Download

  • memory/4912-132-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download