Analysis Overview
SHA256
10a6ccd07faf1a68e3626db66fb496519d5481c729253460a9a7ffd6642612ac
Threat Level: Shows suspicious behavior
The file a4d4c61ebcee98d1913665dcfb6a52ae_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Unsigned PE
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:23
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:23
Reported
2024-06-13 09:25
Platform
win7-20240611-en
Max time kernel
118s
Max time network
118s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a4d4c61ebcee98d1913665dcfb6a52ae_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a4d4c61ebcee98d1913665dcfb6a52ae_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a4d4c61ebcee98d1913665dcfb6a52ae_JaffaCakes118.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a4d4c61ebcee98d1913665dcfb6a52ae_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a4d4c61ebcee98d1913665dcfb6a52ae_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a4d4c61ebcee98d1913665dcfb6a52ae_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | r1.reportbox3.info | udp |
| US | 8.8.8.8:53 | c1.reportbox3.info | udp |
| US | 8.8.8.8:53 | c2.reportbox3.info | udp |
| US | 8.8.8.8:53 | r2.reportbox3.info | udp |
Files
\Users\Admin\AppData\Local\Temp\TsuA93A2144.dll
| MD5 | af7ce801c8471c5cd19b366333c153c4 |
| SHA1 | 4267749d020a362edbd25434ad65f98b073581f1 |
| SHA256 | cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e |
| SHA512 | 88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c |
\Users\Admin\AppData\Local\Temp\{C0D992CE-AAD1-4B0D-A9E6-E2F31B3AB038}\_Setup.dll
| MD5 | f16ac5e1a96d31a997a6e4c8f1adae0c |
| SHA1 | c8b035cc4cc66172538dfdd115d1804afef357c9 |
| SHA256 | 044a8ac9085c3f5524817d8dbd0ade4d43b9ab72978e15e61fdf8b00b68f69cc |
| SHA512 | 35b2259c77e4e5c96657446b402cf1075dfd2e9c2d80029cc26ce796c8beb27a403917bbdef98760409ec0ea2afbbf853642638b0ea31e0166c1d29b6e4206e5 |
\Users\Admin\AppData\Local\Temp\{C0D992CE-AAD1-4B0D-A9E6-E2F31B3AB038}\Custom.dll
| MD5 | 0f44d43090e1e6784224ff618ce709ff |
| SHA1 | 1dd769d04e61e44ad3caf3aa28eb39b466477b34 |
| SHA256 | 93089adb588d7fd316e2d0ee6cb0b06bc92a314f5c90000f9515c87d635d2221 |
| SHA512 | 0eb3115652bc25bf981ad7edda4cb006fed41b080ea50b63011ccf0c13ebfe4a076af3dfc72caeb8f33f38e96ed92308c0ba367dc17db08ee46ea7c4b5c0207c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:23
Reported
2024-06-13 09:25
Platform
win10v2004-20240508-en
Max time kernel
143s
Max time network
148s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a4d4c61ebcee98d1913665dcfb6a52ae_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a4d4c61ebcee98d1913665dcfb6a52ae_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a4d4c61ebcee98d1913665dcfb6a52ae_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a4d4c61ebcee98d1913665dcfb6a52ae_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a4d4c61ebcee98d1913665dcfb6a52ae_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4404,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=4256 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r1.reportbox3.info | udp |
| US | 8.8.8.8:53 | c1.reportbox3.info | udp |
| US | 8.8.8.8:53 | r2.reportbox3.info | udp |
| US | 8.8.8.8:53 | c2.reportbox3.info | udp |
| US | 8.8.8.8:53 | c1.reportbox3.info | udp |
Files
C:\Users\Admin\AppData\Local\Temp\TsuA888F33D.dll
| MD5 | af7ce801c8471c5cd19b366333c153c4 |
| SHA1 | 4267749d020a362edbd25434ad65f98b073581f1 |
| SHA256 | cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e |
| SHA512 | 88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c |
C:\Users\Admin\AppData\Local\Temp\{FFD097D5-4696-476F-A584-0EB42433B523}\_Setup.dll
| MD5 | f16ac5e1a96d31a997a6e4c8f1adae0c |
| SHA1 | c8b035cc4cc66172538dfdd115d1804afef357c9 |
| SHA256 | 044a8ac9085c3f5524817d8dbd0ade4d43b9ab72978e15e61fdf8b00b68f69cc |
| SHA512 | 35b2259c77e4e5c96657446b402cf1075dfd2e9c2d80029cc26ce796c8beb27a403917bbdef98760409ec0ea2afbbf853642638b0ea31e0166c1d29b6e4206e5 |
C:\Users\Admin\AppData\Local\Temp\{FFD097D5-4696-476F-A584-0EB42433B523}\Custom.dll
| MD5 | 0f44d43090e1e6784224ff618ce709ff |
| SHA1 | 1dd769d04e61e44ad3caf3aa28eb39b466477b34 |
| SHA256 | 93089adb588d7fd316e2d0ee6cb0b06bc92a314f5c90000f9515c87d635d2221 |
| SHA512 | 0eb3115652bc25bf981ad7edda4cb006fed41b080ea50b63011ccf0c13ebfe4a076af3dfc72caeb8f33f38e96ed92308c0ba367dc17db08ee46ea7c4b5c0207c |