Analysis
max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags
arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted
20-04-2024 19:49
Static task
static1
Behavioral task
behavioral1
Sample
fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
Target
fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540_JaffaCakes118.exe
Size
3.0MB
MD5
496ab814cb6cae04d292c6fe2fec4577
SHA1
d7ca785c06e2cf7d23b0736fde5643c69baae592
SHA256
fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540
SHA512
d23d47b66770af4e13a04265d9e4a46d5e62b93361d45b2ad6720b89d638a3e4d59eced1fd8f86d7711708a4158cd5487cf2509c2feb3e32cee368ab113afe91
SSDEEP
49152:rOcpcn6JBfJXAE7qKe9uAscv6r7vpDa+hYLgPmwxZjH8P5no00MBrT5tSOqJ8Vp9:inWBfKEJOD6/eghJKhQAyMCBcB7Mhlkn
Malware Config
Signatures
Processes:
fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540_JaffaCakes118.exe
description
Key created
ioc
\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main
process
fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540_JaffaCakes118.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540_JaffaCakes118.exe
pid
3048
process
fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540_JaffaCakes118.exe
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540_JaffaCakes118.exe
pid
3048
process
fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540_JaffaCakes118.exe
pid
3048
process
fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540_JaffaCakes118.exe
Processes
C:\Users\Admin\AppData\Local\Temp\fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fd820bf82edbaa4be20fd3b644a05754d95d71de60fe79ab983c3318e0697540_JaffaCakes118.exe"
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3048