Malware Analysis Report

2025-03-15 05:49

Sample ID: 240623-1psnaatdma
Target: 01c8c893bfec126ca9f448d58e5308b8_JaffaCakes118
SHA256: c49c328c741e0380f36bf911614c198826b8becabaad8da3ae46a98fbe9950fd
Tags: aspackv2
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 7/10
SHA256: c49c328c741e0380f36bf911614c198826b8becabaad8da3ae46a98fbe9950fd

Threat Level: Shows suspicious behavior

Verdict: the file 01c8c893bfec126ca9f448d58e5308b8_JaffaCakes118 shows suspicious behavior (a packed, unsigned executable that loads modules it dropped itself and installs Windows hooks). The only tag assigned is the packer tag aspackv2; no malware family and no MITRE ATT&CK technique was mapped.

Malicious Activity Summary

ASPack v2.12-2.42 (tag: aspackv2)
Loads dropped DLL
Unsigned PE
Suspicious use of SetWindowsHookEx

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-23 21:49

Signatures

ASPack v2.12-2.42 (tag: aspackv2)

Description Indicator Process Target
N/A N/A N/A N/A
(static match on the file only; no per-event details are recorded)

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
(static match on the file only; no per-event details are recorded)
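
The two static signatures above, ASPack section names and an absent Authenticode certificate table, can be reproduced with a few dozen lines of header parsing. The following is an added example written for this page, not tooling from the sandbox that produced the report. It constructs a skeletal PE32 image in memory so it runs offline (the image is not executable and stands in for the sample, whose bytes are not on this page), then reads the section table and the security data directory. The section names `.aspack` and `.adata` are the ones ASPack appends to an image it packs; the version range the report gives (v2.12-2.42) comes from the sandbox's own signature and is not something this check derives.

```python
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4            # data-directory slot of the Authenticode certificate table
ASPACK_SECTION_NAMES = {".aspack", ".adata"}  # sections ASPack appends to the image it packs

def inspect_pe(data: bytes) -> dict:
    """Read just enough of the headers to list section names and the certificate table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    _machine, n_sections, _ts, _symtab, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: data directories start 96 bytes into the optional header
        dirs = opt + 96
    elif magic == 0x20B:      # PE32+: 112 bytes in
        dirs = opt + 112
    else:
        raise ValueError(f"unknown optional-header magic {magic:#x}")
    n_dirs = struct.unpack_from("<I", data, dirs - 4)[0]   # NumberOfRvaAndSizes precedes the table
    cert_off, cert_size = 0, 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike every other directory, this entry holds a file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    shdr = opt + opt_size
    names = [struct.unpack_from("<8s", data, shdr + 40 * i)[0].rstrip(b"\0").decode("latin-1")
             for i in range(n_sections)]
    return {
        "section_names": names,
        "aspack_hint": any(n in ASPACK_SECTION_NAMES for n in names),
        "has_certificate_table": cert_size > 0,
        "certificate_table": (cert_off, cert_size),
    }

def static_signatures(info: dict) -> list:
    """Turn the parsed facts into report-style signature labels."""
    tags = []
    if info["aspack_hint"]:
        tags.append("ASPack section names present")
    if not info["has_certificate_table"]:
        tags.append("Unsigned PE (no certificate table)")
    return tags

def build_minimal_pe(section_names, with_cert_table=False) -> bytes:
    """Constructed test fixture: a skeletal, non-runnable PE32 with the given section names."""
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    opt_size = 0xE0
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                              # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                                # NumberOfRvaAndSizes
    if with_cert_table:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x2000, 0x600)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("latin-1"), 0x1000, 0x1000 * (i + 1),
                    0x200, 0x400 * (i + 1), 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names))
    return dos + b"PE\0\0" + coff + bytes(opt) + sections

if __name__ == "__main__":
    # Inspect a real file if one is given, otherwise the constructed ASPack-like fixture.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else \
        build_minimal_pe([".text", ".data", ".aspack", ".adata"])
    info = inspect_pe(data)
    print(info["section_names"], static_signatures(info))
```

A non-zero certificate table only means a signature blob is attached; validating it (chain, timestamp, digest match) is a job for WinVerifyTrust or `signtool verify /pa`, and a validly signed file can still be packed. Conversely, a packer that renames or strips its sections defeats the name check, so treat it as a hint, which is how the report's tag uses it.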

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-23 21:49
Reported: 2024-06-23 21:52
Platform: win7-20240221-en
Max time kernel: 140s
Max time network: 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\01c8c893bfec126ca9f448d58e5308b8_JaffaCakes118.exe"

Signatures

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\01c8c893bfec126ca9f448d58e5308b8_JaffaCakes118.exe N/A
(64 identical event rows, all attributed to the sample process; no description, indicator or target is recorded for any of them. The report therefore does not say which hook type was installed or whether it was global, so it cannot distinguish a keystroke hook from the window-message hooks that GUI runtimes install routinely.)

Processes

C:\Users\Admin\AppData\Local\Temp\01c8c893bfec126ca9f448d58e5308b8_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\01c8c893bfec126ca9f448d58e5308b8_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 update.shdjt.com udp

Files

memory/2340-0-0x0000000000400000-0x0000000000551000-memory.dmp

\Users\Admin\AppData\Local\Temp\shdjt\krnln.fnr

MD5 638e737b2293cf7b1f14c0b4fb1f3289
SHA1 f8e2223348433b992a8c42c4a7a9fb4b5c1158bc
SHA256 baad4798c3ab24dec8f0ac3cde48e2fee2e2dffa60d2b2497cd295cd6319fd5b
SHA512 4d714a0980238c49af10376ff26ec9e6415e7057925b32ec1c24780c3671047ac5b5670e46c1c6cf9f160519be8f37e1e57f05c30c6c4bda3b275b143aa0bf12

\Users\Admin\AppData\Local\Temp\shdjt\iext.fnr

MD5 cba933625bfa502fc4a1d9f34e1e4473
SHA1 5319194388c0e53321f99f1541b97af191999a09
SHA256 25549c7781b3f1b92e73b0ea721d177207cce914a66f3229a71291f2eb160013
SHA512 f5fb4b97c4f68a20e0847e6528740ce659c4501726f3b2dff1ac83e88a3b7198099da03edb0f069cd4af7ed568a2373597b235cd239895addfa5226d3a444142

memory/2340-17-0x0000000000320000-0x0000000000364000-memory.dmp

\Users\Admin\AppData\Local\Temp\shdjt\HtmlView.fne

MD5 4c9e8f81bf741a61915d0d4fc49d595e
SHA1 d033008b3a0e5d3fc8876e0423ee5509ecb3897c
SHA256 951d725f4a12cd4ff713ca147fa3be08a02367db6731283c3f1ba30445990129
SHA512 cf2c6f8f471c8a5aad563bc257035515860689b73ce343599c7713de8bc8338a031a722f366e005bc1907d6fc97b68b8b415e8ff05b7324fb1040c5dc02315d7

memory/2340-21-0x0000000000250000-0x0000000000288000-memory.dmp

\Users\Admin\AppData\Local\Temp\shdjt\iext5.fne

MD5 b3bb60ee890e2a0f0ca3cdbdbfabc291
SHA1 294e85c5499eab16f648c1b411e1f6ced433ad7d
SHA256 69eb848232ea871eb6a041f212aaabde83488773c9adc32cffff1cd7bf9b7923
SHA512 6fa5e0979a8f0724a7527d57ee0a2b50ad5bdc2d416fed65d013e875e2a2a3ee0174d620d2b9b526887a082bc9ff5ce18bae509c4497784103d5a77a9a7b9956

memory/2340-25-0x00000000005E0000-0x000000000063C000-memory.dmp

\Users\Admin\AppData\Local\Temp\shdjt\eGrid.fne

MD5 90094079971d843d55f19f9d7315a42a
SHA1 18bebc755fc07a59c6680dd2bf844d417dbf6daf
SHA256 307af591d1cea90a3535ad3584bbd49ca5fb0fbc728dd4ffb88c392470c259d5
SHA512 4d17f7bdd2311b8ff500c981d787c473c87b884429e14690a430d47702063f861da2df842e64f630e899d95312e662820ddb4742bf5a2f7be7db3d0798eebc94

memory/2340-29-0x0000000002640000-0x00000000026B9000-memory.dmp

\Users\Admin\AppData\Local\Temp\shdjt\edroptarget.fne

MD5 c054c9322fe658afca7a31cee39a839a
SHA1 bb299b3fc2a0f0006e10bc6c5fbf22ae687dcfaa
SHA256 23a17adce02920c4fbfb62870073f5f585d332cf437b1e18d363822affef775e
SHA512 2ccf00f3d8bec59032585fe988f5690f9028e5bddeb3b6254b7ed19a873dc2f33edf600e4b86f35f6a5223f11805bd376d2ed6ae561ba9345f29f360e5cc2342

memory/2340-33-0x00000000003B0000-0x00000000003D7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\lvdlq.ini

MD5 d2f38769635ecadd55061aa7ebf7cb14
SHA1 7cb904aeb3c92822df6df06d054c547d06a06ba7
SHA256 f097e5d5daf929ea7254b0bd47312472265e417d00ad28f25a9c4f59a62a6da0
SHA512 1998be10647d4ae0fc8e6a781d3e20b21ffddb89f716f124a410a7045615877e385864410fb378e571b39d1f8ebd1f2592214c608058ce91b89cae82f11cdb5e

\Users\Admin\AppData\Local\Temp\shdjt\EThread.fne

MD5 c07d0c81806217f7f16da817e63e26e0
SHA1 1bd2db477c68cdcba9ae5c3668bd76c51fc12d2e
SHA256 d9fc1ed7cfc83e7e390cc86b7b5bca1d2a16c0ddb8390aa6719a1aabe38ca62a
SHA512 843fdca3354666941fcaac3c2ce138567920426181a99acf78ee3c934b42f978cb0e52f329df9112689cbdad690c5cbdd757abe75beb6c2a6bdd17b55753829b

\Users\Admin\AppData\Local\Temp\shdjt\internet.fne

MD5 0503d44bada9a0c7138b3f7d3ab90693
SHA1 c4ea03151eeedd1c84beaa06e73faa9c1e9574fc
SHA256 7c077b6806738e62a9c2e38cc2ffefefd362049e3780b06a862210f1350d003e
SHA512 f14dfa273b514753312e1dfc873ac501d6aa7bbd17cd63d16f3bcb9caddcb5ea349c072e73448a2beb3b1010c674be9c8ad22257d8c7b65a3a05e77e69d3b7a8

memory/2340-68-0x0000000004350000-0x000000000438F000-memory.dmp

memory/2340-72-0x0000000000400000-0x0000000000551000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-23 21:49
Reported: 2024-06-23 21:52
Platform: win10v2004-20240508-en
Max time kernel: 147s
Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\01c8c893bfec126ca9f448d58e5308b8_JaffaCakes118.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\01c8c893bfec126ca9f448d58e5308b8_JaffaCakes118.exe N/A
(15 identical event rows, all attributed to the sample process; no indicator is recorded, so the loaded modules can only be matched against the dropped files listed in the Files section below.)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\01c8c893bfec126ca9f448d58e5308b8_JaffaCakes118.exe N/A
(64 identical event rows, all attributed to the sample process; as in the Windows 7 run, neither hook type nor target is recorded.)
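
The "Loads dropped DLL" signature above is a correlation rather than a property of any single event: a module load whose path the same process wrote earlier in the trace. The modules in question are the .fnr/.fne files in the Files section; those are the extensions used by Easy Programming Language (易语言) runtime support libraries (krnln.fnr is its core library), and they are ordinary PE DLLs despite the extension, so the check has to key on the load event rather than on a .dll suffix. The following is an added example, not the sandbox's own rule. The event trace is constructed to mirror the behavioral2 run, the event schema (seq, pid, op, path) is an assumption, and the 1628 in the memory-dump names memory/1628-...-memory.dmp is read here as the process id (also an assumption). It shows the edge cases a practitioner cares about: the drive-less path form seen in the behavioral1 listing, a load with no earlier write (not flagged), a process outside the tracked tree (ignored), and a dropped file that is written but never loaded (lvdlq.ini).

```python
from dataclasses import dataclass
import ntpath

@dataclass(frozen=True)
class Event:
    seq: int    # monotonic position in the trace
    pid: int
    op: str     # "file_write" or "image_load"
    path: str

def norm_path(p: str) -> str:
    """Case-fold and drop the drive letter so 'C:\\Users\\..' and '\\Users\\..' compare equal."""
    p = p.replace("/", "\\").casefold()
    return p[2:] if len(p) > 1 and p[1] == ":" else p

# Constructed trace modelled on the behavioral2 run; paths are the report's, the ordering is invented.
SAMPLE_EVENTS = [
    Event(1, 1628, "file_write", r"C:\Users\Admin\AppData\Local\Temp\shdjt\krnln.fnr"),
    Event(2, 1628, "image_load", r"C:\Windows\System32\kernel32.dll"),          # system DLL, never written
    Event(3, 1628, "image_load", r"C:\Users\Admin\AppData\Local\Temp\shdjt\krnln.fnr"),
    Event(4, 1628, "file_write", r"C:\Users\Admin\AppData\Local\Temp\lvdlq.ini"),  # dropped, never loaded
    Event(5, 1628, "file_write", r"\Users\Admin\AppData\Local\Temp\shdjt\HtmlView.fne"),  # drive-less form
    Event(6, 1628, "image_load", r"C:\Users\Admin\AppData\Local\Temp\shdjt\htmlview.fne"),
    Event(7, 4242, "image_load", r"C:\Users\Admin\AppData\Local\Temp\shdjt\eGrid.fne"),  # untracked pid
    Event(8, 1628, "image_load", r"C:\Users\Admin\AppData\Local\Temp\shdjt\iext5.fne"),  # no prior write seen
]

def find_dropped_dll_loads(events, tracked_pids):
    """Pair each image load with the earliest write of the same path by a tracked process."""
    written = {}   # normalised path -> first write Event
    hits = []
    for ev in sorted(events, key=lambda e: e.seq):
        if ev.pid not in tracked_pids:
            continue
        key = norm_path(ev.path)
        if ev.op == "file_write":
            written.setdefault(key, ev)
        elif ev.op == "image_load" and key in written:   # write already seen => dropped module
            hits.append((written[key], ev))
    return hits

def signature_rows(hits):
    """Render the pairs the way the report's signature table would, with the indicator filled in."""
    return [{"description": "Loads dropped DLL",
             "indicator": ntpath.basename(load.path),
             "process": f"pid {load.pid}",
             "dropped_at_seq": write.seq}
            for write, load in hits]

if __name__ == "__main__":
    for row in signature_rows(find_dropped_dll_loads(SAMPLE_EVENTS, {1628})):
        print(row)
```

Behavioral1 lists the same dropped .fnr/.fne files but shows no "Loads dropped DLL" rows. Since the rule needs both halves of the pair inside the captured trace, the absence of the signature on one platform says nothing about whether the modules were loaded there; compare the dropped-file hashes against the loaded-module list directly rather than relying on the signature being present.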

Processes

C:\Users\Admin\AppData\Local\Temp\01c8c893bfec126ca9f448d58e5308b8_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\01c8c893bfec126ca9f448d58e5308b8_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 update.shdjt.com udp
US 8.8.8.8:53 update.shdjt.com udp

Files

memory/1628-0-0x0000000000400000-0x0000000000551000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\shdjt\krnln.fnr

MD5 638e737b2293cf7b1f14c0b4fb1f3289
SHA1 f8e2223348433b992a8c42c4a7a9fb4b5c1158bc
SHA256 baad4798c3ab24dec8f0ac3cde48e2fee2e2dffa60d2b2497cd295cd6319fd5b
SHA512 4d714a0980238c49af10376ff26ec9e6415e7057925b32ec1c24780c3671047ac5b5670e46c1c6cf9f160519be8f37e1e57f05c30c6c4bda3b275b143aa0bf12

C:\Users\Admin\AppData\Local\Temp\shdjt\iext.fnr

MD5 cba933625bfa502fc4a1d9f34e1e4473
SHA1 5319194388c0e53321f99f1541b97af191999a09
SHA256 25549c7781b3f1b92e73b0ea721d177207cce914a66f3229a71291f2eb160013
SHA512 f5fb4b97c4f68a20e0847e6528740ce659c4501726f3b2dff1ac83e88a3b7198099da03edb0f069cd4af7ed568a2373597b235cd239895addfa5226d3a444142

memory/1628-20-0x00000000026C0000-0x0000000002704000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\shdjt\HtmlView.fne

MD5 4c9e8f81bf741a61915d0d4fc49d595e
SHA1 d033008b3a0e5d3fc8876e0423ee5509ecb3897c
SHA256 951d725f4a12cd4ff713ca147fa3be08a02367db6731283c3f1ba30445990129
SHA512 cf2c6f8f471c8a5aad563bc257035515860689b73ce343599c7713de8bc8338a031a722f366e005bc1907d6fc97b68b8b415e8ff05b7324fb1040c5dc02315d7

memory/1628-27-0x0000000002710000-0x0000000002748000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\shdjt\iext5.fne

MD5 b3bb60ee890e2a0f0ca3cdbdbfabc291
SHA1 294e85c5499eab16f648c1b411e1f6ced433ad7d
SHA256 69eb848232ea871eb6a041f212aaabde83488773c9adc32cffff1cd7bf9b7923
SHA512 6fa5e0979a8f0724a7527d57ee0a2b50ad5bdc2d416fed65d013e875e2a2a3ee0174d620d2b9b526887a082bc9ff5ce18bae509c4497784103d5a77a9a7b9956

memory/1628-34-0x0000000002A60000-0x0000000002ABC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\shdjt\eGrid.fne

MD5 90094079971d843d55f19f9d7315a42a
SHA1 18bebc755fc07a59c6680dd2bf844d417dbf6daf
SHA256 307af591d1cea90a3535ad3584bbd49ca5fb0fbc728dd4ffb88c392470c259d5
SHA512 4d17f7bdd2311b8ff500c981d787c473c87b884429e14690a430d47702063f861da2df842e64f630e899d95312e662820ddb4742bf5a2f7be7db3d0798eebc94

memory/1628-41-0x0000000004A40000-0x0000000004AB9000-memory.dmp

memory/1628-48-0x0000000004AE0000-0x0000000004B07000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\shdjt\edroptarget.fne

MD5 c054c9322fe658afca7a31cee39a839a
SHA1 bb299b3fc2a0f0006e10bc6c5fbf22ae687dcfaa
SHA256 23a17adce02920c4fbfb62870073f5f585d332cf437b1e18d363822affef775e
SHA512 2ccf00f3d8bec59032585fe988f5690f9028e5bddeb3b6254b7ed19a873dc2f33edf600e4b86f35f6a5223f11805bd376d2ed6ae561ba9345f29f360e5cc2342

C:\Users\Admin\AppData\Local\Temp\lvdlq.ini

MD5 d2f38769635ecadd55061aa7ebf7cb14
SHA1 7cb904aeb3c92822df6df06d054c547d06a06ba7
SHA256 f097e5d5daf929ea7254b0bd47312472265e417d00ad28f25a9c4f59a62a6da0
SHA512 1998be10647d4ae0fc8e6a781d3e20b21ffddb89f716f124a410a7045615877e385864410fb378e571b39d1f8ebd1f2592214c608058ce91b89cae82f11cdb5e

C:\Users\Admin\AppData\Local\Temp\lvdlq.ini

MD5 e850acaf0a6c089b93f4ccc6616627f0
SHA1 a50ac3892646761dd731497bf3cb30e4163ad3d9
SHA256 49e538a1a0be270bfd1ae8f5c17e226d377e3eab1ba21509567093757bd6ce89
SHA512 78b9c8bd0e35afc4ed53ea04ee8a8286c2960f40022c9079ab7b85aad3127e67d7c6f919732d5fbaa53b50a8d5fdf4f35a3c9953c603fc0e5616461d3b9f3185

C:\Users\Admin\AppData\Local\Temp\shdjt\EThread.fne

MD5 c07d0c81806217f7f16da817e63e26e0
SHA1 1bd2db477c68cdcba9ae5c3668bd76c51fc12d2e
SHA256 d9fc1ed7cfc83e7e390cc86b7b5bca1d2a16c0ddb8390aa6719a1aabe38ca62a
SHA512 843fdca3354666941fcaac3c2ce138567920426181a99acf78ee3c934b42f978cb0e52f329df9112689cbdad690c5cbdd757abe75beb6c2a6bdd17b55753829b

C:\Users\Admin\AppData\Local\Temp\shdjt\internet.fne

MD5 0503d44bada9a0c7138b3f7d3ab90693
SHA1 c4ea03151eeedd1c84beaa06e73faa9c1e9574fc
SHA256 7c077b6806738e62a9c2e38cc2ffefefd362049e3780b06a862210f1350d003e
SHA512 f14dfa273b514753312e1dfc873ac501d6aa7bbd17cd63d16f3bcb9caddcb5ea349c072e73448a2beb3b1010c674be9c8ad22257d8c7b65a3a05e77e69d3b7a8

memory/1628-90-0x0000000005B30000-0x0000000005B6F000-memory.dmp

memory/1628-94-0x0000000000400000-0x0000000000551000-memory.dmp
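
The Files sections of the two runs repeat the same hashes in slightly different path forms (the behavioral1 listing omits the drive letter for the shdjt\ files), and behavioral2 lists lvdlq.ini twice with different hashes, meaning the file was rewritten during the run. The following is an added example, not part of the report: it parses the flat path/hash layout used above into records, validates digest lengths, and answers two triage questions, which dropped files are byte-identical across the two runs and which paths were written with more than one content. The embedded excerpts are trimmed copies of this page's own Files listings (SHA512 lines omitted for brevity); the memory-dump lines carry no hashes and are skipped. Paths are assumed to contain no spaces, as they do here.

```python
import re
from dataclasses import dataclass, field

# Expected hex-digest lengths; anything else is a transcription error in the record.
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX = re.compile(r"^[0-9a-f]+$")

@dataclass
class FileRecord:
    path: str                       # normalised: case-folded, drive letter dropped
    hashes: dict = field(default_factory=dict)

def norm_path(p: str) -> str:
    p = p.strip().casefold()
    return p[2:] if len(p) > 1 and p[1] == ":" else p

def parse_files_section(text: str) -> list:
    """Parse the report's flat layout: a path line followed by 'ALGO hexdigest' lines."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("memory/"):
            continue                            # blank line, or a memory dump that has no hashes
        algo, _, value = line.partition(" ")
        if algo in HASH_LEN:
            if current is None:
                raise ValueError(f"hash line before any path: {line}")
            value = value.strip().lower()
            if len(value) != HASH_LEN[algo] or not HEX.match(value):
                raise ValueError(f"malformed {algo} digest: {value}")
            current.hashes[algo] = value
        else:                                   # anything else starts a new file record
            current = FileRecord(norm_path(line))
            records.append(current)
    return records

def common_sha256(run_a, run_b) -> set:
    """SHA256 values present in both runs, i.e. byte-identical dropped files."""
    digests = lambda recs: {r.hashes["SHA256"] for r in recs if "SHA256" in r.hashes}
    return digests(run_a) & digests(run_b)

def paths_with_multiple_contents(records) -> dict:
    """Paths written with more than one distinct SHA256 within one run (rewritten files)."""
    seen = {}
    for r in records:
        bucket = seen.setdefault(r.path, [])
        h = r.hashes.get("SHA256")
        if h and h not in bucket:
            bucket.append(h)
    return {p: hs for p, hs in seen.items() if len(hs) > 1}

# Trimmed copies of the page's Files listings (constructed excerpts; SHA512 lines left out).
BEHAVIORAL1_FILES = r"""
memory/2340-0-0x0000000000400000-0x0000000000551000-memory.dmp

\Users\Admin\AppData\Local\Temp\shdjt\krnln.fnr

MD5 638e737b2293cf7b1f14c0b4fb1f3289
SHA1 f8e2223348433b992a8c42c4a7a9fb4b5c1158bc
SHA256 baad4798c3ab24dec8f0ac3cde48e2fee2e2dffa60d2b2497cd295cd6319fd5b

\Users\Admin\AppData\Local\Temp\shdjt\iext.fnr

MD5 cba933625bfa502fc4a1d9f34e1e4473
SHA1 5319194388c0e53321f99f1541b97af191999a09
SHA256 25549c7781b3f1b92e73b0ea721d177207cce914a66f3229a71291f2eb160013

C:\Users\Admin\AppData\Local\Temp\lvdlq.ini

MD5 d2f38769635ecadd55061aa7ebf7cb14
SHA1 7cb904aeb3c92822df6df06d054c547d06a06ba7
SHA256 f097e5d5daf929ea7254b0bd47312472265e417d00ad28f25a9c4f59a62a6da0
"""

BEHAVIORAL2_FILES = r"""
C:\Users\Admin\AppData\Local\Temp\shdjt\krnln.fnr

MD5 638e737b2293cf7b1f14c0b4fb1f3289
SHA1 f8e2223348433b992a8c42c4a7a9fb4b5c1158bc
SHA256 baad4798c3ab24dec8f0ac3cde48e2fee2e2dffa60d2b2497cd295cd6319fd5b

C:\Users\Admin\AppData\Local\Temp\lvdlq.ini

MD5 d2f38769635ecadd55061aa7ebf7cb14
SHA1 7cb904aeb3c92822df6df06d054c547d06a06ba7
SHA256 f097e5d5daf929ea7254b0bd47312472265e417d00ad28f25a9c4f59a62a6da0

C:\Users\Admin\AppData\Local\Temp\lvdlq.ini

MD5 e850acaf0a6c089b93f4ccc6616627f0
SHA1 a50ac3892646761dd731497bf3cb30e4163ad3d9
SHA256 49e538a1a0be270bfd1ae8f5c17e226d377e3eab1ba21509567093757bd6ce89
"""

if __name__ == "__main__":
    run1, run2 = parse_files_section(BEHAVIORAL1_FILES), parse_files_section(BEHAVIORAL2_FILES)
    print("identical across runs:", sorted(common_sha256(run1, run2)))
    print("rewritten in behavioral2:", paths_with_multiple_contents(run2))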