Analysis Overview
SHA256
77ddab3725f45705e6dfb758244b3b27c7b71cc672a37ab64cca06330064a854
Threat Level: Shows suspicious behavior
The file 4ccd26be751ed0ea3c7bf3e33aff43b6_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
ASPack v2.12-2.42
Loads dropped DLL
Unsigned PE
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-05-16 20:00
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-16 20:00
Reported
2024-05-16 20:02
Platform
win7-20231129-en
Max time kernel
140s
Max time network
119s
Command Line
Signatures
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4ccd26be751ed0ea3c7bf3e33aff43b6_JaffaCakes118.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4ccd26be751ed0ea3c7bf3e33aff43b6_JaffaCakes118.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4ccd26be751ed0ea3c7bf3e33aff43b6_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\4ccd26be751ed0ea3c7bf3e33aff43b6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4ccd26be751ed0ea3c7bf3e33aff43b6_JaffaCakes118.exe"
Network
Files
\Users\Admin\AppData\Local\Temp\{8AD0F83B-5B77-4068-AE2E-4116343D3B4A}\isshell.dat
| MD5 | 0a35f219461f5bfa2b72ad59f16a7a83 |
| SHA1 | 03e2f7fb02626dafc403165b17ce0ec074c6b52a |
| SHA256 | 125b445db83df1a09f915d11b50b4d8698b98fec9007053d92dfa48a0c170037 |
| SHA512 | b97188f63bae21c3655f6b573deb2cec03e77d1e133759e7c6af23f730d1dae28d0f2894f30088dea75923643164fd39fd15ada226580675bf7ec99f43363e2f |
memory/1044-3-0x0000000001DD0000-0x0000000002071000-memory.dmp
memory/1044-7-0x0000000000230000-0x0000000000231000-memory.dmp
memory/1044-9-0x0000000000400000-0x000000000044A000-memory.dmp
memory/1044-10-0x0000000001DD0000-0x0000000002071000-memory.dmp
memory/1044-13-0x0000000000230000-0x0000000000231000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-16 20:00
Reported
2024-05-16 20:02
Platform
win10v2004-20240508-en
Max time kernel
141s
Max time network
101s
Command Line
Signatures
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4ccd26be751ed0ea3c7bf3e33aff43b6_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4ccd26be751ed0ea3c7bf3e33aff43b6_JaffaCakes118.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\4ccd26be751ed0ea3c7bf3e33aff43b6_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\4ccd26be751ed0ea3c7bf3e33aff43b6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4ccd26be751ed0ea3c7bf3e33aff43b6_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 220.131.50.23.in-addr.arpa | udp |
| NL | 23.62.61.138:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.143.109.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.131.50.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\{8AD0F83B-5B77-4068-AE2E-4116343D3B4A}\isshell.dat
| MD5 | 0a35f219461f5bfa2b72ad59f16a7a83 |
| SHA1 | 03e2f7fb02626dafc403165b17ce0ec074c6b52a |
| SHA256 | 125b445db83df1a09f915d11b50b4d8698b98fec9007053d92dfa48a0c170037 |
| SHA512 | b97188f63bae21c3655f6b573deb2cec03e77d1e133759e7c6af23f730d1dae28d0f2894f30088dea75923643164fd39fd15ada226580675bf7ec99f43363e2f |
memory/4152-6-0x00000000022A0000-0x0000000002541000-memory.dmp
memory/4152-7-0x00000000022A0000-0x0000000002541000-memory.dmp
memory/4152-11-0x0000000002790000-0x0000000002791000-memory.dmp
memory/4152-13-0x0000000000400000-0x000000000044A000-memory.dmp
memory/4152-14-0x00000000022A0000-0x0000000002541000-memory.dmp
memory/4152-17-0x0000000002790000-0x0000000002791000-memory.dmp
memory/4152-21-0x00000000022A0000-0x0000000002541000-memory.dmp