Analysis Overview
SHA256
c49c328c741e0380f36bf911614c198826b8becabaad8da3ae46a98fbe9950fd
Threat Level: Shows suspicious behavior
The file 01c8c893bfec126ca9f448d58e5308b8_JaffaCakes118 was classified as: Shows suspicious behavior.
Malicious Activity Summary
ASPack v2.12-2.42
Loads dropped DLL
Unsigned PE
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-23 21:49
Signatures
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-23 21:49
Reported
2024-06-23 21:52
Platform
win7-20240221-en
Max time kernel
140s
Max time network
118s
Command Line
Signatures
Loads dropped DLL
Suspicious use of SetWindowsHookEx
Processes
C:\Users\Admin\AppData\Local\Temp\01c8c893bfec126ca9f448d58e5308b8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\01c8c893bfec126ca9f448d58e5308b8_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | update.shdjt.com | udp |
Files
memory/2340-0-0x0000000000400000-0x0000000000551000-memory.dmp
\Users\Admin\AppData\Local\Temp\shdjt\krnln.fnr
| MD5 | 638e737b2293cf7b1f14c0b4fb1f3289 |
| SHA1 | f8e2223348433b992a8c42c4a7a9fb4b5c1158bc |
| SHA256 | baad4798c3ab24dec8f0ac3cde48e2fee2e2dffa60d2b2497cd295cd6319fd5b |
| SHA512 | 4d714a0980238c49af10376ff26ec9e6415e7057925b32ec1c24780c3671047ac5b5670e46c1c6cf9f160519be8f37e1e57f05c30c6c4bda3b275b143aa0bf12 |
\Users\Admin\AppData\Local\Temp\shdjt\iext.fnr
| MD5 | cba933625bfa502fc4a1d9f34e1e4473 |
| SHA1 | 5319194388c0e53321f99f1541b97af191999a09 |
| SHA256 | 25549c7781b3f1b92e73b0ea721d177207cce914a66f3229a71291f2eb160013 |
| SHA512 | f5fb4b97c4f68a20e0847e6528740ce659c4501726f3b2dff1ac83e88a3b7198099da03edb0f069cd4af7ed568a2373597b235cd239895addfa5226d3a444142 |
memory/2340-17-0x0000000000320000-0x0000000000364000-memory.dmp
\Users\Admin\AppData\Local\Temp\shdjt\HtmlView.fne
| MD5 | 4c9e8f81bf741a61915d0d4fc49d595e |
| SHA1 | d033008b3a0e5d3fc8876e0423ee5509ecb3897c |
| SHA256 | 951d725f4a12cd4ff713ca147fa3be08a02367db6731283c3f1ba30445990129 |
| SHA512 | cf2c6f8f471c8a5aad563bc257035515860689b73ce343599c7713de8bc8338a031a722f366e005bc1907d6fc97b68b8b415e8ff05b7324fb1040c5dc02315d7 |
memory/2340-21-0x0000000000250000-0x0000000000288000-memory.dmp
\Users\Admin\AppData\Local\Temp\shdjt\iext5.fne
| MD5 | b3bb60ee890e2a0f0ca3cdbdbfabc291 |
| SHA1 | 294e85c5499eab16f648c1b411e1f6ced433ad7d |
| SHA256 | 69eb848232ea871eb6a041f212aaabde83488773c9adc32cffff1cd7bf9b7923 |
| SHA512 | 6fa5e0979a8f0724a7527d57ee0a2b50ad5bdc2d416fed65d013e875e2a2a3ee0174d620d2b9b526887a082bc9ff5ce18bae509c4497784103d5a77a9a7b9956 |
memory/2340-25-0x00000000005E0000-0x000000000063C000-memory.dmp
\Users\Admin\AppData\Local\Temp\shdjt\eGrid.fne
| MD5 | 90094079971d843d55f19f9d7315a42a |
| SHA1 | 18bebc755fc07a59c6680dd2bf844d417dbf6daf |
| SHA256 | 307af591d1cea90a3535ad3584bbd49ca5fb0fbc728dd4ffb88c392470c259d5 |
| SHA512 | 4d17f7bdd2311b8ff500c981d787c473c87b884429e14690a430d47702063f861da2df842e64f630e899d95312e662820ddb4742bf5a2f7be7db3d0798eebc94 |
memory/2340-29-0x0000000002640000-0x00000000026B9000-memory.dmp
\Users\Admin\AppData\Local\Temp\shdjt\edroptarget.fne
| MD5 | c054c9322fe658afca7a31cee39a839a |
| SHA1 | bb299b3fc2a0f0006e10bc6c5fbf22ae687dcfaa |
| SHA256 | 23a17adce02920c4fbfb62870073f5f585d332cf437b1e18d363822affef775e |
| SHA512 | 2ccf00f3d8bec59032585fe988f5690f9028e5bddeb3b6254b7ed19a873dc2f33edf600e4b86f35f6a5223f11805bd376d2ed6ae561ba9345f29f360e5cc2342 |
memory/2340-33-0x00000000003B0000-0x00000000003D7000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lvdlq.ini
| MD5 | d2f38769635ecadd55061aa7ebf7cb14 |
| SHA1 | 7cb904aeb3c92822df6df06d054c547d06a06ba7 |
| SHA256 | f097e5d5daf929ea7254b0bd47312472265e417d00ad28f25a9c4f59a62a6da0 |
| SHA512 | 1998be10647d4ae0fc8e6a781d3e20b21ffddb89f716f124a410a7045615877e385864410fb378e571b39d1f8ebd1f2592214c608058ce91b89cae82f11cdb5e |
\Users\Admin\AppData\Local\Temp\shdjt\EThread.fne
| MD5 | c07d0c81806217f7f16da817e63e26e0 |
| SHA1 | 1bd2db477c68cdcba9ae5c3668bd76c51fc12d2e |
| SHA256 | d9fc1ed7cfc83e7e390cc86b7b5bca1d2a16c0ddb8390aa6719a1aabe38ca62a |
| SHA512 | 843fdca3354666941fcaac3c2ce138567920426181a99acf78ee3c934b42f978cb0e52f329df9112689cbdad690c5cbdd757abe75beb6c2a6bdd17b55753829b |
\Users\Admin\AppData\Local\Temp\shdjt\internet.fne
| MD5 | 0503d44bada9a0c7138b3f7d3ab90693 |
| SHA1 | c4ea03151eeedd1c84beaa06e73faa9c1e9574fc |
| SHA256 | 7c077b6806738e62a9c2e38cc2ffefefd362049e3780b06a862210f1350d003e |
| SHA512 | f14dfa273b514753312e1dfc873ac501d6aa7bbd17cd63d16f3bcb9caddcb5ea349c072e73448a2beb3b1010c674be9c8ad22257d8c7b65a3a05e77e69d3b7a8 |
memory/2340-68-0x0000000004350000-0x000000000438F000-memory.dmp
memory/2340-72-0x0000000000400000-0x0000000000551000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-23 21:49
Reported
2024-06-23 21:52
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
Loads dropped DLL
Suspicious use of SetWindowsHookEx
Processes
C:\Users\Admin\AppData\Local\Temp\01c8c893bfec126ca9f448d58e5308b8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\01c8c893bfec126ca9f448d58e5308b8_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | update.shdjt.com | udp |
| US | 8.8.8.8:53 | update.shdjt.com | udp |
Files
memory/1628-0-0x0000000000400000-0x0000000000551000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\shdjt\krnln.fnr
| MD5 | 638e737b2293cf7b1f14c0b4fb1f3289 |
| SHA1 | f8e2223348433b992a8c42c4a7a9fb4b5c1158bc |
| SHA256 | baad4798c3ab24dec8f0ac3cde48e2fee2e2dffa60d2b2497cd295cd6319fd5b |
| SHA512 | 4d714a0980238c49af10376ff26ec9e6415e7057925b32ec1c24780c3671047ac5b5670e46c1c6cf9f160519be8f37e1e57f05c30c6c4bda3b275b143aa0bf12 |
C:\Users\Admin\AppData\Local\Temp\shdjt\iext.fnr
| MD5 | cba933625bfa502fc4a1d9f34e1e4473 |
| SHA1 | 5319194388c0e53321f99f1541b97af191999a09 |
| SHA256 | 25549c7781b3f1b92e73b0ea721d177207cce914a66f3229a71291f2eb160013 |
| SHA512 | f5fb4b97c4f68a20e0847e6528740ce659c4501726f3b2dff1ac83e88a3b7198099da03edb0f069cd4af7ed568a2373597b235cd239895addfa5226d3a444142 |
memory/1628-20-0x00000000026C0000-0x0000000002704000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\shdjt\HtmlView.fne
| MD5 | 4c9e8f81bf741a61915d0d4fc49d595e |
| SHA1 | d033008b3a0e5d3fc8876e0423ee5509ecb3897c |
| SHA256 | 951d725f4a12cd4ff713ca147fa3be08a02367db6731283c3f1ba30445990129 |
| SHA512 | cf2c6f8f471c8a5aad563bc257035515860689b73ce343599c7713de8bc8338a031a722f366e005bc1907d6fc97b68b8b415e8ff05b7324fb1040c5dc02315d7 |
memory/1628-27-0x0000000002710000-0x0000000002748000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\shdjt\iext5.fne
| MD5 | b3bb60ee890e2a0f0ca3cdbdbfabc291 |
| SHA1 | 294e85c5499eab16f648c1b411e1f6ced433ad7d |
| SHA256 | 69eb848232ea871eb6a041f212aaabde83488773c9adc32cffff1cd7bf9b7923 |
| SHA512 | 6fa5e0979a8f0724a7527d57ee0a2b50ad5bdc2d416fed65d013e875e2a2a3ee0174d620d2b9b526887a082bc9ff5ce18bae509c4497784103d5a77a9a7b9956 |
memory/1628-34-0x0000000002A60000-0x0000000002ABC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\shdjt\eGrid.fne
| MD5 | 90094079971d843d55f19f9d7315a42a |
| SHA1 | 18bebc755fc07a59c6680dd2bf844d417dbf6daf |
| SHA256 | 307af591d1cea90a3535ad3584bbd49ca5fb0fbc728dd4ffb88c392470c259d5 |
| SHA512 | 4d17f7bdd2311b8ff500c981d787c473c87b884429e14690a430d47702063f861da2df842e64f630e899d95312e662820ddb4742bf5a2f7be7db3d0798eebc94 |
memory/1628-41-0x0000000004A40000-0x0000000004AB9000-memory.dmp
memory/1628-48-0x0000000004AE0000-0x0000000004B07000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\shdjt\edroptarget.fne
| MD5 | c054c9322fe658afca7a31cee39a839a |
| SHA1 | bb299b3fc2a0f0006e10bc6c5fbf22ae687dcfaa |
| SHA256 | 23a17adce02920c4fbfb62870073f5f585d332cf437b1e18d363822affef775e |
| SHA512 | 2ccf00f3d8bec59032585fe988f5690f9028e5bddeb3b6254b7ed19a873dc2f33edf600e4b86f35f6a5223f11805bd376d2ed6ae561ba9345f29f360e5cc2342 |
C:\Users\Admin\AppData\Local\Temp\lvdlq.ini
| MD5 | d2f38769635ecadd55061aa7ebf7cb14 |
| SHA1 | 7cb904aeb3c92822df6df06d054c547d06a06ba7 |
| SHA256 | f097e5d5daf929ea7254b0bd47312472265e417d00ad28f25a9c4f59a62a6da0 |
| SHA512 | 1998be10647d4ae0fc8e6a781d3e20b21ffddb89f716f124a410a7045615877e385864410fb378e571b39d1f8ebd1f2592214c608058ce91b89cae82f11cdb5e |
C:\Users\Admin\AppData\Local\Temp\lvdlq.ini
| MD5 | e850acaf0a6c089b93f4ccc6616627f0 |
| SHA1 | a50ac3892646761dd731497bf3cb30e4163ad3d9 |
| SHA256 | 49e538a1a0be270bfd1ae8f5c17e226d377e3eab1ba21509567093757bd6ce89 |
| SHA512 | 78b9c8bd0e35afc4ed53ea04ee8a8286c2960f40022c9079ab7b85aad3127e67d7c6f919732d5fbaa53b50a8d5fdf4f35a3c9953c603fc0e5616461d3b9f3185 |
C:\Users\Admin\AppData\Local\Temp\shdjt\EThread.fne
| MD5 | c07d0c81806217f7f16da817e63e26e0 |
| SHA1 | 1bd2db477c68cdcba9ae5c3668bd76c51fc12d2e |
| SHA256 | d9fc1ed7cfc83e7e390cc86b7b5bca1d2a16c0ddb8390aa6719a1aabe38ca62a |
| SHA512 | 843fdca3354666941fcaac3c2ce138567920426181a99acf78ee3c934b42f978cb0e52f329df9112689cbdad690c5cbdd757abe75beb6c2a6bdd17b55753829b |
C:\Users\Admin\AppData\Local\Temp\shdjt\internet.fne
| MD5 | 0503d44bada9a0c7138b3f7d3ab90693 |
| SHA1 | c4ea03151eeedd1c84beaa06e73faa9c1e9574fc |
| SHA256 | 7c077b6806738e62a9c2e38cc2ffefefd362049e3780b06a862210f1350d003e |
| SHA512 | f14dfa273b514753312e1dfc873ac501d6aa7bbd17cd63d16f3bcb9caddcb5ea349c072e73448a2beb3b1010c674be9c8ad22257d8c7b65a3a05e77e69d3b7a8 |
memory/1628-90-0x0000000005B30000-0x0000000005B6F000-memory.dmp
memory/1628-94-0x0000000000400000-0x0000000000551000-memory.dmp