49286301a9d38f27194d169a7da5d3a6bb351073f0df2f56f9545434a70842e2

Analysis

max time kernel
91s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
Size

3.2MB
MD5

65d5ae4acda27c4bb47a179425030a3f
SHA1

6f504fbfc5c4740f8cf8dd77253f02e6db20d13e
SHA256

49286301a9d38f27194d169a7da5d3a6bb351073f0df2f56f9545434a70842e2
SHA512

a1895bfae4159756cb2b89e3ee67cee59574c1563c3ae1b0c8713e857c8f711c0f2633bc58dc8de7133ed7238b947837d2ea42b61ac6798e86971493d0fe3827
SSDEEP

98304:G2cPK8r/gia3xXjaBhbA2kBpxg0H6Qla:pCKywXjsAJgu6Z

Score

1^/10

Malware Config

Signatures

NTFS ADS 1 IoCs

Processes:

65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Local\Temp\WinNT:\GSAGMHCQ,computer	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe

pid process

1636 65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1636 65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe

description pid process

Token: SeDebugPrivilege 1636 65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe

description	pid	process
Token: SeDebugPrivilege	1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 11 IoCs

Processes:

65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe

pid	process
1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 11 IoCs

Processes:

65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe

pid	process
1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
1636	65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\65d5ae4acda27c4bb47a179425030a3f_JaffaCakes118.exe"
1⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\aut56DA.tmp

Filesize
12KB

MD5
32430de585a98f480347e8f7b69b7bfa

SHA1
618cff46168d717dc3b8a1bb7564951186268840

SHA256
f651b3a8956e95a932c174c32fcb82ec19fa12b9a5a989aa0c40df5713a24acf

SHA512
8a81e0170d9bba995e37dec2b5589c02fef184d552175bf7312f98b3284e7b938e7efaa2257b3d4246a250f67a7bb7d605f9a60af77f21d859336b5ce391a8f4

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPCFileBGSocial.png

Filesize
6KB

MD5
b77703fb2b033c0285020e22438f0bf2

SHA1
2cc0823bb53ae7feeb898ee08baf3d6a9dc74851

SHA256
b162da49fa6acfea931c31c5075bec526ae854058c53e073ac31af7551fe555f

SHA512
f55e82559b83d3dad529ff7f732aecc2895391b064118519ea1a504512fbd3a6e1c42057a28c7ffe06c4694929918f0c4967b611620f9fd3dd3ef598c9ac7e50

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPCFileBroom.png

Filesize
1KB

MD5
13ad5fd8702cf1001039ef65057b5abc

SHA1
276508eceab5fe59315f4341252b39865a001cf7

SHA256
f631d6621cbf14d6f58ce627fca902e9e1e9cd4ad739fd337c80d2f03fdaf192

SHA512
8e0d0703c15dea9d349aa74b1a16102ed74470276118fe730fefe2e5d4f310940ca99c91aa4fa67af05357dd0def7a0da694509931512ad440b06f1694d85852

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPCFileCheck.png

Filesize
576B

MD5
0e03ba3a2e559a460b2026ac1ade7e65

SHA1
374171afb2c1c1ed6b1156ba4e68bb4b37fd9a97

SHA256
a7b988b002872030bb3d0e8e971467f52fe54957f551275f9b70268899acc973

SHA512
1b4aa1cd79add3098676d01fc93b048a0cff2cf15136103c257a255aa06c532f6f81b0a9360095c6f82cde2951d31a983efa4b93045645af534aee04b97bad83

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPCFileDetected.png

Filesize
784B

MD5
60cba2c463f1aa2a9bfc76d71fc78c3e

SHA1
6685c490fc4b940ca29b23a8c74798db861606f9

SHA256
63d1f17c811495a8937a3df01c0249920ab91c350d03257d26518a175dbe680f

SHA512
6b99b6b93753b211dfc607944ed445b3f9d89081eef9c70d3ddc6863050d33d211a2f97682c84e62118a4dcde164e257ccebb395c67a9e7c03219a198496c7e2

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPCFileFB.png

Filesize
761B

MD5
ab46389e37caef41b01268f10022be84

SHA1
0002a09a25fcaa1731a4330e8aa477a125327d2e

SHA256
1b74526ac09708f542d70b8c5d7504c5e74a1c35e687d2d108a9e53a8e6cb8c4

SHA512
71c7407b9ff92d91201d634c7cbe16b9b3556d62075fdebb60c687d62dbc7831704611835a7ca9ca03f503cb4bca95b27f462a12e62447a4a910743994808eed

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPCFileForum.png

Filesize
1KB

MD5
6f9c914cf85af0a66588743d43a98184

SHA1
e511cf691962f9e9feb148c9199a7442f2efbd20

SHA256
9f5c2cbf8833aa5b856128a8b72ed1897461579bf34e63e04275aac6d9544ff1

SHA512
56328230927468c2a696f0d3b9f00ba097047a1c7fdf274a4dbc30e4ce98e2b01bd4e339b24222749d0c945e1ec5469c904f050aafa4d79476ae03de62c8fdc9

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPCFileGP.png

Filesize
1KB

MD5
feca8d130964da6f22e5d64bad36a4c4

SHA1
9f4589af066a2cb8286bdc38bca0a4e9b4c658d1

SHA256
51bf8dc56e34b0c6642f9c9a17b7d688012a4f8c785ad4d0a7c622b27a643f07

SHA512
0745660638e8e8c3ab79dbe8bdf1802d549228f45a74765821363912a122f227198cdb292a0802a3f367c904dff9a9c304f7d2e4ef4f1b5e4adb77a1ff70836f

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPCFileInfo.png

Filesize
1KB

MD5
1f876f1bdcfa2eac9a8fc23bdf4f3cfc

SHA1
5ce600c6a80e015aa975e93a854cdc21f7527f70

SHA256
bd28aef963fca41e540657f06c7d839d04f3ef6b824bbae2bad3f933c8bcacf5

SHA512
a3ac47a1dd747154d41e946912e29f3f67aab17df84fddecd7e20dbee971793a6265534bb6a84beeeef692c1ff625a561ba6c7859b4feaea754e92a0d2f96de4

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPCFileNav_FF.png

Filesize
7KB

MD5
68704e4afd7239e116a636ab8d0c2d35

SHA1
1558043c5668a4473aa7e15a2a6df7c83e4751df

SHA256
7bec6b4f6b27c6ddc47634c6365d11f1a227219093abf027562e1db4ed1e2595

SHA512
66edb3718dc8d7f8a514fece27d74068808e533b4790f31fffbe2ce72a1c88fa6e0aa502b148cfad087e0998efc3ebed9e6519642310f1706dd81ae4c6571940

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPCFileNav_GG.png

Filesize
6KB

MD5
d18d8c135e855cf99b2d1aa80f5d6e6c

SHA1
53896f5488c44fae12071719a5b9a51adb7bd085

SHA256
fd308f922990d4b48ac5b5f16723d381f251235d81d5bcb99f9af0451d9d03dc

SHA512
e03d6232b02faef35ab94e9f7f3bbb85a089712552bdf58cf206fef86f489e25ba2ee4419fd5d9d6b418cab6c765d3978eb2209519a912b86d7a767594e65296

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPCFileNav_IE.png

Filesize
6KB

MD5
381d55c64f2d1a60403b90f231928d9e

SHA1
68c45c19f772db9a1e3b174634f86322370e7a06

SHA256
1b7dd5a72d82e7e12f6ad976511daa51f14f4049f4f134ba30269f23053654ff

SHA512
6ec033f6db2b857da0ff6d3ebdf6cfa629fdd2f26ca0a9b32b5151f8ff7f573f64d617d596b7c9419292b6ff860909d46a4a7e8dcaee0d3d7b7334a33e82ef22

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPCFileNav_OP.png

Filesize
3KB

MD5
463ebe5dcd388836c2dd309d8d09ea93

SHA1
0381ff94b55a465eeeeebd84a514eb545c370720

SHA256
c489bbf3042a296ef7c14968cf68f381f64a1891f094feaa892cc7ca67be60fa

SHA512
30da04eda22f3b3040acfd991643cb4b2fcd973041d906988f18a938ad8301a53acb6e01cd9b9cd3a7f1e35a370811e9c4bef756473dcbbc33e4a3a88c27221a

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPCFilePayPal.png

Filesize
1KB

MD5
343f5cc0c954613b7c22e562df769264

SHA1
3da6629f2711c688040de45c6211719e997112a7

SHA256
0e304c25aa7af5308ef97303fe24169321d1d2755c2e1b749d59a4b363f6fc29

SHA512
4945b683b95747099daed7d536ccbe6416126ffddb36acf08174e51a71da9f48d5030e42bd5972f6e420c7be3c4e60fe076cedfc9e00b099632275360e5c8dc6

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPCFilePercent.png

Filesize
898B

MD5
4e0b6b1d23d659f5e6dc232fb22c1d7f

SHA1
d16c4922bec421599d00ad56a2ae48e1cbebbbe6

SHA256
1943eac616d000288772d1e4f83f2fcef709daff44a339569e07f1612973c161

SHA512
c0a626df9b5720143054269063c7f46f7c317873c76491ca1145b8bc9d070a6dfa9033eef4e0271d8ce3a8a35a2932f44d40cbb6ae0b7a0636ace453523fbf1d

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPCFileQuestion.png

Filesize
1KB

MD5
ab154075dd755aa1c4b51ac7f1a5e695

SHA1
50a2e9d81af059c8e0b66f507f39247e304aa37e

SHA256
9beef38030cc9f3380496fe35c9a9411768d1cbd4317f409aea03ce2f3e150c6

SHA512
028789e5c7e51aea9e4073a919b3eb5cadce83b2d600907e017c0b4e0852ac790a6d38e1772661f87fc0d1065d2c091c3aa1422d90ae744aefec289804176056

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPCFileRapport.png

Filesize
821B

MD5
31d240cb199576f490654d1b70e0cd91

SHA1
e8ddb5abe5b77e553e4a26145cc8772c602aa5c0

SHA256
a84dba7d0cc882eeeb824a34243057a1767dd1df24040db9979a34f0b80374e1

SHA512
c88654d83d41c61be7d559e6bf7a48d6a8f7f713690651afdb00a4c7be9d1892c14ee47271f88441f1ff052182ea67cc1ef89dc3fb168e7474987bb3237369a0

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPCFileSearch.png

Filesize
1KB

MD5
9f10a51a9515065a77a7cc5bf0037aff

SHA1
45dca5c4a8617385406edbfb217716542ef9ea19

SHA256
f177e61fc6b6aa6bf5c4ce5a9be493d614c3eb26ac799a2627e828b6aa196b8f

SHA512
83dbd9dc82fd51ddab8c7d8a940e3586e274fa60c56fccb571c261f9d8b85942c6d9c7e78aff6e2d2dc51f34a09107919e437fa68de442eb81cb00e078518e62

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPCFilelogo-texte.png

Filesize
8KB

MD5
c1c88d9d21a0a40d420b06b0a6a7f516

SHA1
c3fd9a15805a1613f6844e9b954ebdaaa5e99e71

SHA256
3fdc227adc15347615b40e2c3bcdd839b5e37f8b89d732e733be1ad1f0f2e2a6

SHA512
4524d8ad84d5e6a4d85cae7d8d41403448f44439c1710728e538835dc99e59f43427a8a3370ee87b0f60d5c2c0e58a30f80fc5c815543a1d2a96e9f763e6854b

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPExit.png

Filesize
773B

MD5
3cfb93fa3bcb37739ac10b8e9394aee5

SHA1
ea2240fe80a56c7de24bb537b244ec77da6a2e11

SHA256
3466eb430e200a56d06418a861846f26a4b8689f2f051ec06851717449f1e740

SHA512
fa528e4805d279db338e80481b7368caea9dd450589174fd7f7fc7dc697bf56f2a50f84e152ad12847c574ce127b0113b765d9db89d57810e7a2cc6158c334bd

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPefface.png

Filesize
489B

MD5
e55e1da6759d3e322ea8c7384bde5198

SHA1
bb364d861af828fbe783540406b0a21fe07e80de

SHA256
133c3f78d5eb412719d0158eb5c2bdf000e30079ebe7957c64a603603fb29fce

SHA512
19a799ee721cca5f8b7a2f8b4b13f2e9158827a81f44332f47572b5c3a41b9e82d9d20fe3b4b5e840abdb47e200c81e369aad08e3dbe7a0005aef5f7d1e63a4a

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPnettoyer.png

Filesize
1KB

MD5
32046aa0e0c8eceab230f8fd6184786b

SHA1
e67ddd4a7fe601f274293e3710e0a2b93977cff0

SHA256
afa644de5a68ea025ef5245fab44272c9cb8fdce3378cfe6114c8aa5bc41ec19

SHA512
b60ae7cc289e6f6169482aa69a7c12945adce57b1f91dc6c273699a62f401d22dd38b78b56b0b03fa0e3f4fc145968a4e52579e8bb4df9ba1456af9a7a46ab90

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPnews.png

Filesize
4KB

MD5
19e0c9cc5f8ea904c330f0186dde8d87

SHA1
c9b7c8e68126de86a36347a64140b275853db506

SHA256
177e1f0406c0c6243d3f8de786b7126dced08878c57b437f984c0b9d6bc2eefc

SHA512
079b83b14d5d6a20bbea1a4add890053fb4d05a6584d2d55176502430292a01aa7e9640a8d6f07ea89b66c057d07874678a7fe985473857f0a4a9cd017b1bb33

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPoutils.png

Filesize
872B

MD5
1a4096e34672bad7712cf604461883eb

SHA1
8217d3a226301a0c56d827b45f5fde85f76b3321

SHA256
e427332e3e1717dd48153cd452613995ec5df9140c9b004c616eca5bd24b1488

SHA512
0782f78edeb0cfb79e325fc76a7027dbbe50167d425863dde734d27da811fdef3f70416e5d25794488fed76e7a53d9e70a2282fc1786caaac689582bf6d13132

Download Submit
C:\Users\Admin\AppData\Local\ZHP\ZHPcleaner\ZHPquitte.png

Filesize
702B

MD5
d177969fe692fc77d4768820f6459c43

SHA1
6d30fd2089837d433f6360de9637689ef17e50f7

SHA256
d32d912fe27008b32f5abef48c71539554aebaea1924b3bb4d3e26b233e928a2

SHA512
4d12e3df19ce0cb7276e00386f5e850847d1a177bdf00377e79ac075ba5e585fd7d2fb6153ced01947af4cdb44d47704a1eb424ba12a784942a337c4a4bbc23f

Download Submit