2e9ed8abbae1df78343a7fbe1280fed5f1e422b01d2385840df119116258d6f0

Analysis

max time kernel
142s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28969616c9a8fb43e579a6b272878460_JaffaCakes118.exe
Size

1.2MB
MD5

28969616c9a8fb43e579a6b272878460
SHA1

b3130dc81619680eb57099033d45a92f0cd024b1
SHA256

2e9ed8abbae1df78343a7fbe1280fed5f1e422b01d2385840df119116258d6f0
SHA512

e30581624c6a8a43fcf905aebf2c2c457b038b97d30f991bd23f27232d8affe1e7b1616ac3e1fc027c199d63091aa20e07e8c13102cc302d8db1ad11c0f25a68
SSDEEP

24576:dTpshSp5FamgmxtwOqk3cCmrChD/Xsslw2Ok66jzz9RwHI:9pmSpLg+twOq/CmCD/Vlw2DHnz9n

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2952	sta.exe

Loads dropped DLL 3 IoCs

pid	Process
2884	28969616c9a8fb43e579a6b272878460_JaffaCakes118.exe
2884	28969616c9a8fb43e579a6b272878460_JaffaCakes118.exe
2952	sta.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2952	sta.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2952	sta.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2952	sta.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2952	sta.exe
2952	sta.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2952	2884	28969616c9a8fb43e579a6b272878460_JaffaCakes118.exe	29
PID 2884 wrote to memory of 2952	2884	28969616c9a8fb43e579a6b272878460_JaffaCakes118.exe	29
PID 2884 wrote to memory of 2952	2884	28969616c9a8fb43e579a6b272878460_JaffaCakes118.exe	29
PID 2884 wrote to memory of 2952	2884	28969616c9a8fb43e579a6b272878460_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\28969616c9a8fb43e579a6b272878460_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\28969616c9a8fb43e579a6b272878460_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Users\Admin\AppData\Local\THINST~1\Cache\Stubs\A8658C~1\sta.exe
  "C:\Users\Admin\AppData\Local\THINST~1\Cache\Stubs\A8658C~1\sta.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\THINST~1\Cache\Stubs\A8658C~1\sta.exe

Filesize
28KB

MD5
68661199c7d338606b77fb86d97c78fb

SHA1
a8658ce2906623af49163062d2b22492c0a1851d

SHA256
c5eab870d78196dff921b836033a84d5785cedf6a0c298242c866ec7a99addcb

SHA512
9b1b7adacdf83f7f91ee047660cf8434d9e3c5f47cc20adaaef6bb548301ca54f958dbee43f949fe5a0715d3f81414f3908a951091dad528d0ae017df52bea90

Download Submit
C:\Users\Admin\AppData\Roaming\Thinstall\Smart Type Assistant\Registry.rw.tvr

Filesize
4KB

MD5
0838684b73d746b67b761d9f8a8cb979

SHA1
17e73f39187b7d1fe8e295ff74299536fdd7d798

SHA256
57191e61e260af275ec050469146141200e510de591a3a0d398a3ed234f04c1c

SHA512
5cc61b1fc514a39b0e365b15fe98972894ad98d5d4fb3524c24c84b7338b660c1466fcdded49b85242b32b7b9a2d7061e62285d14ffdeadd43e30f7cfc316082

Download Submit
C:\Users\Admin\AppData\Roaming\Thinstall\Smart Type Assistant\Registry.rw.tvr.lck

Filesize
60B

MD5
a14c72b51d113e7dfb12f646f32ebbec

SHA1
7e61d7782f0bcf1408e023ad774c7d3a23ced1db

SHA256
e5ce8243fbb2d91fb7c4d520f65b1454c9dd7e540a5e0c6fef27ef0f06bf8092

SHA512
a9719ab21591e54d530e79b89b4ad3357cfbcf79c4aa8bea3d5a8035c693b7a507ca671292479540579a1d82b3db0389ecdb2daa7ab8d6d95065a94a8b71c691

Download Submit
C:\Users\Admin\AppData\Roaming\Thinstall\Smart Type Assistant\TEMP\2936-4.manifest

Filesize
1KB

MD5
6aa615d8500b8526c7beb1d39336c85c

SHA1
d2e930161ea7c85459520e07717c9f32ece762dd

SHA256
84fe2e41eb0ad54e13dfd73e4a64af20997ea441785f8a51811f690ee9bd4d10

SHA512
ce7e317bc884aa06f79c65f5f798155e02cbfd55b78d021f52548cd2bd498760a67db1168983ddbde6a6b5d8962a96e0dec38b4336068bd8106fdf24ee4e47b5

Download Submit
\Users\Admin\AppData\Roaming\Thinstall\Smart Type Assistant\TEMP\correct.dll.TA

Filesize
1KB

MD5
666741bfae3ec07a07752c8b03e1e940

SHA1
494c4d93a328b8c2c631b9f9b925c2ac411657fb

SHA256
85383dd0e1bc4363a5b88e7df0b8b42d9606c387ea61561c1941027306746f5d

SHA512
7f41ccd3dd8671fe20fdd4f1acd02612913c50dc7ce28ec35f5082a69aa8e3ecf2b39bf479ff6c45dd31b3e89eeaf3b10d08fa94a4b1268af9a9009d766152ba

Download Submit
memory/2884-40-0x0000000075CF0000-0x0000000075CF1000-memory.dmp

Filesize
4KB

Download
memory/2884-41-0x0000000075CF0000-0x0000000075D37000-memory.dmp

Filesize
284KB

Download
memory/2884-4-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-1-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-12-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-19-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-9-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-10-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-11-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-13-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-8-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-7-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-32-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-117-0x000000007EF90000-0x000000007EFA0000-memory.dmp

Filesize
64KB

Download
memory/2884-39-0x000000007EF90000-0x000000007EFA0000-memory.dmp

Filesize
64KB

Download
memory/2884-38-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-30-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-3-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-53-0x0000000000420000-0x0000000000495000-memory.dmp

Filesize
468KB

Download
memory/2884-114-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-128-0x0000000075CF0000-0x0000000075D37000-memory.dmp

Filesize
284KB

Download
memory/2884-127-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-126-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2884-6-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-18-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-20-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-21-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-5-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-22-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-2-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-25-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-26-0x0000000001D10000-0x0000000001E62000-memory.dmp

Filesize
1.3MB

Download
memory/2884-46-0x0000000000420000-0x0000000000495000-memory.dmp

Filesize
468KB

Download
memory/2884-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2952-90-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2952-76-0x0000000000480000-0x00000000005D2000-memory.dmp

Filesize
1.3MB

Download
memory/2952-74-0x0000000000480000-0x00000000005D2000-memory.dmp

Filesize
1.3MB

Download
memory/2952-73-0x0000000000480000-0x00000000005D2000-memory.dmp

Filesize
1.3MB

Download
memory/2952-72-0x0000000000480000-0x00000000005D2000-memory.dmp

Filesize
1.3MB

Download
memory/2952-79-0x0000000000480000-0x00000000005D2000-memory.dmp

Filesize
1.3MB

Download
memory/2952-67-0x0000000000480000-0x00000000005D2000-memory.dmp

Filesize
1.3MB

Download
memory/2952-66-0x0000000000480000-0x00000000005D2000-memory.dmp

Filesize
1.3MB

Download
memory/2952-65-0x0000000000480000-0x00000000005D2000-memory.dmp

Filesize
1.3MB

Download
memory/2952-64-0x0000000000480000-0x00000000005D2000-memory.dmp

Filesize
1.3MB

Download
memory/2952-60-0x0000000000480000-0x00000000005D2000-memory.dmp

Filesize
1.3MB

Download
memory/2952-59-0x0000000000480000-0x00000000005D2000-memory.dmp

Filesize
1.3MB

Download
memory/2952-58-0x0000000000480000-0x00000000005D2000-memory.dmp

Filesize
1.3MB

Download
memory/2952-57-0x0000000000480000-0x00000000005D2000-memory.dmp

Filesize
1.3MB

Download
memory/2952-56-0x0000000000480000-0x00000000005D2000-memory.dmp

Filesize
1.3MB

Download
memory/2952-55-0x0000000000480000-0x00000000005D2000-memory.dmp

Filesize
1.3MB

Download
memory/2952-80-0x0000000000480000-0x00000000005D2000-memory.dmp

Filesize
1.3MB

Download
memory/2952-84-0x0000000000480000-0x00000000005D2000-memory.dmp

Filesize
1.3MB

Download
memory/2952-115-0x0000000075CF0000-0x0000000075D37000-memory.dmp

Filesize
284KB

Download
memory/2952-106-0x0000000075CF0000-0x0000000075D37000-memory.dmp

Filesize
284KB

Download
memory/2952-89-0x0000000075CF0000-0x0000000075D37000-memory.dmp

Filesize
284KB

Download
memory/2952-88-0x0000000000480000-0x00000000005D2000-memory.dmp

Filesize
1.3MB

Download
memory/2952-85-0x0000000075CF0000-0x0000000075D37000-memory.dmp

Filesize
284KB

Download
memory/2952-75-0x0000000000480000-0x00000000005D2000-memory.dmp

Filesize
1.3MB

Download
memory/2952-61-0x0000000000480000-0x00000000005D2000-memory.dmp

Filesize
1.3MB

Download
memory/2952-63-0x0000000000480000-0x00000000005D2000-memory.dmp

Filesize
1.3MB

Download
memory/2952-62-0x0000000000480000-0x00000000005D2000-memory.dmp

Filesize
1.3MB

Download
memory/2952-54-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download