Analysis Overview
SHA256
bec1b9f3fe45c9be0a1c9b68cad434fc18f99d267bece9afd1f4a5a9c7c6458d
Threat Level: Shows suspicious behavior
The file a69120fea6bc38fb77f4427a6260e970_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
UPX packed file
Uses the VBS compiler for execution
Suspicious use of SetThreadContext
Unsigned PE
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 16:45
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 16:45
Reported
2024-06-13 16:47
Platform
win7-20231129-en
Max time kernel
120s
Max time network
120s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Uses the VBS compiler for execution
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1244 set thread context of 2512 | N/A | C:\Users\Admin\AppData\Local\Temp\a69120fea6bc38fb77f4427a6260e970_JaffaCakes118.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a69120fea6bc38fb77f4427a6260e970_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a69120fea6bc38fb77f4427a6260e970_JaffaCakes118.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Users\Admin\AppData\Local\Temp\a69120fea6bc38fb77f4427a6260e970_JaffaCakes118.exe"
Network
Files
memory/2512-8-0x0000000000400000-0x0000000000412000-memory.dmp
memory/2512-6-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/2512-4-0x0000000000400000-0x0000000000412000-memory.dmp
memory/2512-2-0x0000000000400000-0x0000000000412000-memory.dmp
memory/2512-0-0x0000000000400000-0x0000000000412000-memory.dmp
memory/2512-10-0x0000000000400000-0x0000000000412000-memory.dmp
memory/2512-11-0x0000000000400000-0x0000000000412000-memory.dmp
memory/2512-13-0x0000000000400000-0x0000000000412000-memory.dmp
memory/2512-12-0x0000000000400000-0x0000000000412000-memory.dmp
memory/2512-16-0x0000000000400000-0x0000000000412000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 16:45
Reported
2024-06-13 16:47
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Uses the VBS compiler for execution
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1672 set thread context of 1336 | N/A | C:\Users\Admin\AppData\Local\Temp\a69120fea6bc38fb77f4427a6260e970_JaffaCakes118.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a69120fea6bc38fb77f4427a6260e970_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a69120fea6bc38fb77f4427a6260e970_JaffaCakes118.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Users\Admin\AppData\Local\Temp\a69120fea6bc38fb77f4427a6260e970_JaffaCakes118.exe"
Network
Files
memory/1336-0-0x0000000000400000-0x0000000000412000-memory.dmp
memory/1336-2-0x0000000000400000-0x0000000000412000-memory.dmp
memory/1336-3-0x0000000000400000-0x0000000000412000-memory.dmp
memory/1336-7-0x0000000000400000-0x0000000000412000-memory.dmp