Analysis
max time kernel: 137s
max time network: 123s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-05-2024 10:06
Static task: static1 (2 signatures)
Behavioral task: behavioral1
Sample: 1bfaac4c57d83a709cebfb69d04bbe2e_JaffaCakes118.exe
Resource: win7-20240221-en
6 signatures, 150 seconds
General
Target: 1bfaac4c57d83a709cebfb69d04bbe2e_JaffaCakes118.exe
Size: 1.9MB
MD5: 1bfaac4c57d83a709cebfb69d04bbe2e
SHA1: ec5c936221118d05332ad2d3ee34b8a76675eb41
SHA256: 9545c84dcbd36668186c7af45ed845b0c0b126133cafc343d859842c51900737
SHA512: b691b84f3811d87a2e64aa01ce8a077a4fcce03227d8e08f491e0ff1f15baffb66faddb1a9e40ff9f6f6cafcf39fc682a60d4fc0c60420109cc4a5158a61fd49
SSDEEP: 24576:HAHnh+eWsN3skA4RV1Hom2KXMmHaRGVf2O/PbphbmEnJi811RQFuHALTgP5:6h+ZkldoPK8YacTyQ
Malware Config
Signatures

Suspicious use of SetThreadContext (1 IoC)
description                           pid   Process                                             procid_target
PID 4496 set thread context of 4856   4496  1bfaac4c57d83a709cebfb69d04bbe2e_JaffaCakes118.exe  85

Suspicious use of FindShellTrayWindow (3 IoCs)
pid   Process
4496  1bfaac4c57d83a709cebfb69d04bbe2e_JaffaCakes118.exe
4496  1bfaac4c57d83a709cebfb69d04bbe2e_JaffaCakes118.exe
4496  1bfaac4c57d83a709cebfb69d04bbe2e_JaffaCakes118.exe

Suspicious use of SendNotifyMessage (3 IoCs)
pid   Process
4496  1bfaac4c57d83a709cebfb69d04bbe2e_JaffaCakes118.exe
4496  1bfaac4c57d83a709cebfb69d04bbe2e_JaffaCakes118.exe
4496  1bfaac4c57d83a709cebfb69d04bbe2e_JaffaCakes118.exe

Suspicious use of WriteProcessMemory (5 IoCs)
description                        pid   Process                                             procid_target
PID 4496 wrote to memory of 4856   4496  1bfaac4c57d83a709cebfb69d04bbe2e_JaffaCakes118.exe  85
PID 4496 wrote to memory of 4856   4496  1bfaac4c57d83a709cebfb69d04bbe2e_JaffaCakes118.exe  85
PID 4496 wrote to memory of 4856   4496  1bfaac4c57d83a709cebfb69d04bbe2e_JaffaCakes118.exe  85
PID 4496 wrote to memory of 4856   4496  1bfaac4c57d83a709cebfb69d04bbe2e_JaffaCakes118.exe  85
PID 4496 wrote to memory of 4856   4496  1bfaac4c57d83a709cebfb69d04bbe2e_JaffaCakes118.exe  85
Processes

1. C:\Users\Admin\AppData\Local\Temp\1bfaac4c57d83a709cebfb69d04bbe2e_JaffaCakes118.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\1bfaac4c57d83a709cebfb69d04bbe2e_JaffaCakes118.exe"
   PID: 4496
   - Suspicious use of SetThreadContext
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SendNotifyMessage
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\1bfaac4c57d83a709cebfb69d04bbe2e_JaffaCakes118.exe (child of PID 4496)
      Command line: "C:\Users\Admin\AppData\Local\Temp\1bfaac4c57d83a709cebfb69d04bbe2e_JaffaCakes118.exe"
      PID: 4856