Malware Analysis Report

2025-04-14 03:33

Sample ID 240612-2wva5atfrf
Target a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118
SHA256 69762813ce27fe79c560fb43e2bca400b5b09af2b48d525e91bb41031ca0d1bc
Tags
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

69762813ce27fe79c560fb43e2bca400b5b09af2b48d525e91bb41031ca0d1bc

Threat Level: Likely benign

The file a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary


Unsigned PE

Script User-Agent

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 22:56

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 22:56

Reported

2024-06-12 22:58

Platform

win7-20240220-en

Max time kernel

120s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe"

Signatures

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 paste.ee udp
US 104.21.84.67:443 paste.ee tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 22:56

Reported

2024-06-12 22:58

Platform

win10v2004-20240611-en

Max time kernel

94s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe"

Signatures

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 paste.ee udp
US 172.67.187.200:443 paste.ee tcp
US 8.8.8.8:53 200.187.67.172.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 9.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

N/A