Malware Analysis Report

2025-03-15 05:52

Sample ID 240628-k1622s1emb
Target 198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118
SHA256 021d5f7d81f8cfde810dca7d8fca6befb451305a32a114c840306b2da407d12f
Tags vmprotect
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 7/10

SHA256 021d5f7d81f8cfde810dca7d8fca6befb451305a32a114c840306b2da407d12f

Threat Level: Shows suspicious behavior

The file 198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

vmprotect

VMProtect packed file

Executes dropped EXE

Loads dropped DLL

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-28 09:05

Signatures

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-28 09:05

Reported

2024-06-28 09:07

Platform

win7-20240508-en

Max time kernel

149s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JK14_testVC2008.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A (3 identical rows)

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_FolderType = "{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}" C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}" C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_TopViewVersion = "0" C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f4225481e03947bc34db131e946b44c8dd50000 C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 9e0000001a00eebbfe23000010007db10d7bd29c934a973346cc89022e7c00002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbe7e47b3fbe4c93b4ba2bad3f5d3cd46f98207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000 C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A (64 identical rows)

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe N/A (3 identical rows)

Processes

C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\JK14_testVC2008.exe

C:\Users\Admin\AppData\Local\Temp\JK14_testVC2008.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.jacky14.net udp
US 8.8.8.8:53 www.bez168.com udp

Files

memory/1660-0-0x0000000000400000-0x0000000000873000-memory.dmp

memory/1660-1-0x0000000000400000-0x0000000000873000-memory.dmp

memory/1660-6-0x0000000004B60000-0x0000000005BC2000-memory.dmp

\Users\Admin\AppData\Local\Temp\JK14_testVC2008.exe

MD5 5593cd5b5870147cc467fe6bab0e17fa
SHA1 f035e247ecba66d39c0971338534de762c90b7ae
SHA256 75f68c1db6e21038372860a88154528c1916b9a38fde5fb1dab2eea8247ecc06
SHA512 f3e4f948d482cb520bed6e69065957a2e1007804cbffd63195dc5e35ff68908cc834891224d7dc8e9ebc2ba0dd72b3c553abe76cc797d4530cd1284d2202211c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8SD872Q\dnserrordiagoff[1]

MD5 47f581b112d58eda23ea8b2e08cf0ff0
SHA1 6ec1df5eaec1439573aef0fb96dabfc953305e5b
SHA256 b1c947d00db5fce43314c56c663dbeae0ffa13407c9c16225c17ccefc3afa928
SHA512 187383eef3d646091e9f68eff680a11c7947b3d9b54a78cc6de4a04629d7037e9c97673ac054a6f1cf591235c110ca181a6b69ecba0e5032168f56f4486fff92

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8SD872Q\NewErrorPageTemplate[1]

MD5 cdf81e591d9cbfb47a7f97a2bcdb70b9
SHA1 8f12010dfaacdecad77b70a3e781c707cf328496
SHA256 204d95c6fb161368c795bb63e538fe0b11f9e406494bb5758b3b0d60c5f651bd
SHA512 977dcc2c6488acaf0e5970cef1a7a72c9f9dc6bb82da54f057e0853c8e939e4ab01b163eb7a5058e093a8bc44ecad9d06880fdc883e67e28ac67fee4d070a4cc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTL9DZJ3\errorPageStrings[1]

MD5 e3e4a98353f119b80b323302f26b78fa
SHA1 20ee35a370cdd3a8a7d04b506410300fd0a6a864
SHA256 9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66
SHA512 d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G17BROQF\httpErrorPagesScripts[1]

MD5 3f57b781cb3ef114dd0b665151571b7b
SHA1 ce6a63f996df3a1cccb81720e21204b825e0238c
SHA256 46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad
SHA512 8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

memory/1660-57-0x0000000008C00000-0x0000000008C02000-memory.dmp

memory/1660-58-0x0000000000400000-0x0000000000873000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-28 09:05

Reported

2024-06-28 09:07

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe"

Signatures

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A (3 identical rows)

Processes

C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\198ed15d20f0d64bd9a7383e8508eaa4_JaffaCakes118.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/4688-0-0x0000000000400000-0x0000000000873000-memory.dmp

memory/4688-1-0x0000000000400000-0x0000000000873000-memory.dmp

memory/4688-22-0x0000000000400000-0x0000000000873000-memory.dmp