Analysis Overview
SHA256
c7b50ecd1f3b2c77b78187fbed270dfb9886bf2f59657cbf85d57869e5cdfca0
Threat Level: Shows suspicious behavior
The file 030cfe1dcd1062c3ad8c6c47cdce0ffc_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
ASPack v2.12-2.42
Unsigned PE
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-23 22:32
Signatures
ASPack v2.12-2.42
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-23 22:32
Reported
2024-06-23 22:34
Platform
win7-20240221-en
Max time kernel
140s
Max time network
122s
Command Line
Signatures
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\030cfe1dcd1062c3ad8c6c47cdce0ffc_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\030cfe1dcd1062c3ad8c6c47cdce0ffc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\030cfe1dcd1062c3ad8c6c47cdce0ffc_JaffaCakes118.exe"
Network
Files
memory/2676-0-0x0000000000220000-0x0000000000221000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ConFig.Dat
| Algorithm | Digest |
| --- | --- |
| MD5 | 20a8645a60329d293332a08ac2a1909e |
| SHA1 | fdf159336bc7ce7579b6e5024596e6d9aaf52825 |
| SHA256 | 42f103ceb75dcf20f9e39ca3caad9cf4e2e426b058d91802f02722ba822875ca |
| SHA512 | 3014e4355472caa1c3a5d4c2d7909d5a851d3f964b6794756c92bf680441d67bb9fc1bff8d5cb3d9d1041d8641e09c4697ba78543d7bad14b2bd4635e1a11484 |
memory/2676-141-0x0000000000400000-0x0000000000E5D000-memory.dmp
memory/2676-143-0x0000000000220000-0x0000000000221000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-23 22:32
Reported
2024-06-23 22:35
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
160s
Command Line
Signatures
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\030cfe1dcd1062c3ad8c6c47cdce0ffc_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\030cfe1dcd1062c3ad8c6c47cdce0ffc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\030cfe1dcd1062c3ad8c6c47cdce0ffc_JaffaCakes118.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4456 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| GB | 172.217.169.74:443 | | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 13.107.253.64:443 | | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.116.69.13.in-addr.arpa | udp |
Files
memory/536-0-0x0000000002CF0000-0x0000000002CF1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ConFig.Dat
| Algorithm | Digest |
| --- | --- |
| MD5 | 423ba3b7328483fe421f9d4cc72bcd98 |
| SHA1 | fa7b4e706289e5cac0a0efe2bda1febc96d11119 |
| SHA256 | 63bca5d466036947aae3fb599c987d66303b182e742c819e29aba390efcad90c |
| SHA512 | 4db1f4bb1e4d7c9354e2fe860819d0336fb7672af5c71a280dfd1fecfe7fd6edfa6be5e3d221c2a7fac4dc35f7afec836e95176136dcf76d40756b1554c4ee0b |
C:\Users\Admin\AppData\Local\Temp\ConFig.Dat
| Algorithm | Digest |
| --- | --- |
| MD5 | 562fe34bc99e307bdcf9d9322e090aef |
| SHA1 | f3fa962a6c7a3035cb9c948d9017276b356e317f |
| SHA256 | afcd4616c14a399f80c62131a7cf28a64b4dee2444955408d855a9a16ebaaefd |
| SHA512 | 8e56a5008fc6c41069a9027d42a7ddc004ed4a1dff0c907804ed18f58f8fb975b1645d9245da22575511076812af80443fd94eb7bf952c0a6e2fb0cfb281e135 |
C:\Users\Admin\AppData\Local\Temp\ConFig.Dat
| Algorithm | Digest |
| --- | --- |
| MD5 | 1c4263520d6b00063b40fbfd505adc1b |
| SHA1 | 39abe730b27e68e238078a7b273b10f65df7f12f |
| SHA256 | 57f53ee1511e05700a5929a829e48ffb78514344dc3715ec9027a59c1cef6232 |
| SHA512 | 669f39212d13483c6d6a674519b9c4afb601097ff2ad5d1acd86091d626dc9f8538047e96e106b2f51c299ba2b61be6bb859c91590fa746eabf2f1f3c853c197 |
memory/536-141-0x0000000000400000-0x0000000000E5D000-memory.dmp
memory/536-143-0x0000000002CF0000-0x0000000002CF1000-memory.dmp