Analysis Overview
SHA256
69762813ce27fe79c560fb43e2bca400b5b09af2b48d525e91bb41031ca0d1bc
Threat Level: Likely benign
The file a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Unsigned PE
Script User-Agent
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-12 22:56
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 22:56
Reported
2024-06-12 22:58
Platform
win7-20240220-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Script User-Agent
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | paste.ee | udp |
| US | 104.21.84.67:443 | paste.ee | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 22:56
Reported
2024-06-12 22:58
Platform
win10v2004-20240611-en
Max time kernel
94s
Max time network
96s
Command Line
Signatures
Script User-Agent
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a2cf05d87b0cfd7149287f003b383b35_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | paste.ee | udp |
| US | 172.67.187.200:443 | paste.ee | tcp |
| US | 8.8.8.8:53 | 200.187.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |