Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/07/2024, 10:13 UTC

General

  • Target

    282dcac35974575f937242bba67a37d6_JaffaCakes118.exe

  • Size

    123KB

  • MD5

    282dcac35974575f937242bba67a37d6

  • SHA1

    670e9d6d45142f96985d34b87cc95d29876e1262

  • SHA256

    11ab6478ea15503cfb699dffbdf9968a6e17d78a3c4bb6fe0991ffe1930e1516

  • SHA512

    ab3b92e5eee754af83f003983fdd61c7e418f511ccf9035cb6c9c039fe1a4b5c1ba9e4f5480f247c8baf906e65dbb9e4a76040003ade7bb1f8ba6387081758b3

  • SSDEEP

    3072:Eb9Sb1K9HK4CTbdcsvFWj+eDafue7o0qQk0BVkY3Poutu:E5SbwRK4CTbd9W7Dan7o0TBVkEPoS

Score
7/10

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious use of FindShellTrayWindow 11 IoCs
  • Suspicious use of SendNotifyMessage 11 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\282dcac35974575f937242bba67a37d6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\282dcac35974575f937242bba67a37d6_JaffaCakes118.exe"
    • Adds Run key to start application
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID: 2376

Network

  • DNS: d.trymedia.com
    Process: 282dcac35974575f937242bba67a37d6_JaffaCakes118.exe
    Remote address: 8.8.8.8:53
    Request: d.trymedia.com IN A
    Response: No results found
  • 8.8.8.8:53
    d.trymedia.com
    dns
    282dcac35974575f937242bba67a37d6_JaffaCakes118.exe
    60 B
    119 B
    1
    1

    DNS Request

    d.trymedia.com

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NFAY0EOS\connecting_icon[1]

    Filesize

    301B

    MD5

    81f2114b7bcc913245df781df3eb9ae5

    SHA1

    46beb25a2a30e66c65ebddb72f836542e3655d21

    SHA256

    13237f6652c8a50f987ee5227ce16778117add802584a5e19ef892eac6e1d3e8

    SHA512

    446e34fc67e66d60a7e4a4ee65b47ca04198a8566c4d5cc665249fed8d8616cd6d674cb82621dfea4303cd7a1f90488027b352972219873bf90094d62e763b6c

  • memory/2376-0-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

  • memory/2376-3-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

  • memory/2376-27-0x0000000000400000-0x0000000000458000-memory.dmp

    Filesize

    352KB

  • memory/2376-33-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB
