2e9ed8abbae1df78343a7fbe1280fed5f1e422b01d2385840df119116258d6f0

Analysis

max time kernel
142s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2024 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28969616c9a8fb43e579a6b272878460_JaffaCakes118.exe
Size

1.2MB
MD5

28969616c9a8fb43e579a6b272878460
SHA1

b3130dc81619680eb57099033d45a92f0cd024b1
SHA256

2e9ed8abbae1df78343a7fbe1280fed5f1e422b01d2385840df119116258d6f0
SHA512

e30581624c6a8a43fcf905aebf2c2c457b038b97d30f991bd23f27232d8affe1e7b1616ac3e1fc027c199d63091aa20e07e8c13102cc302d8db1ad11c0f25a68
SSDEEP

24576:dTpshSp5FamgmxtwOqk3cCmrChD/Xsslw2Ok66jzz9RwHI:9pmSpLg+twOq/CmCD/Vlw2DHnz9n

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3964	sta.exe

Loads dropped DLL 1 IoCs

pid	Process
3964	sta.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3964	sta.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3964	sta.exe
3964	sta.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
3964	sta.exe
3964	sta.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3964	sta.exe
3964	sta.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3968 wrote to memory of 3964	3968	28969616c9a8fb43e579a6b272878460_JaffaCakes118.exe	82
PID 3968 wrote to memory of 3964	3968	28969616c9a8fb43e579a6b272878460_JaffaCakes118.exe	82
PID 3968 wrote to memory of 3964	3968	28969616c9a8fb43e579a6b272878460_JaffaCakes118.exe	82

C:\Users\Admin\AppData\Local\Temp\28969616c9a8fb43e579a6b272878460_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\28969616c9a8fb43e579a6b272878460_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3968
- C:\Users\Admin\AppData\Local\THINST~1\Cache\Stubs\A8658C~1\sta.exe
  "C:\Users\Admin\AppData\Local\THINST~1\Cache\Stubs\A8658C~1\sta.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Thinstall\Cache\Stubs\a8658ce2906623af49163062d2b22492c0a1851d\sta.exe

Filesize
28KB

MD5
68661199c7d338606b77fb86d97c78fb

SHA1
a8658ce2906623af49163062d2b22492c0a1851d

SHA256
c5eab870d78196dff921b836033a84d5785cedf6a0c298242c866ec7a99addcb

SHA512
9b1b7adacdf83f7f91ee047660cf8434d9e3c5f47cc20adaaef6bb548301ca54f958dbee43f949fe5a0715d3f81414f3908a951091dad528d0ae017df52bea90

Download Submit
C:\Users\Admin\AppData\Roaming\Thinstall\Smart Type Assistant\Registry.rw.tvr

Filesize
4KB

MD5
ff1eb80352d1e033644ebd7c5f239d3c

SHA1
147c7d51261b5465fa6e85c47398bbf8314fd7ac

SHA256
69533ba705c04078bd0b41f10bfc9ab761de55d27c1abad9bb5db99bcb3b2bd6

SHA512
ff0c90bab30d4f02065fa0007e3e31d80601bf63ddb5723bad113c45ed26041a0a91a9e7b19a9bd6715fb8e86cf37d66ef84723bc7733849bd331e6b9948e82f

Download Submit
C:\Users\Admin\AppData\Roaming\Thinstall\Smart Type Assistant\Registry.rw.tvr.lck

Filesize
60B

MD5
d526c4db443d224dd260b7273b48baef

SHA1
0c5731afc1c2350fc16691d8cb5837a544b86c37

SHA256
cc162ca3f7ceba5995b9b4252bd0495f58fd3cd80e27297457f7c9cc90949b27

SHA512
4f05c29fbf9c49dd84403f59af6443c1d78dd37f097ec2ef8c190fd2104cdf2b43291d0c1c12a432a54bbb700148abb046758048e869ed4c45b96891ca9848c0

Download Submit
C:\Users\Admin\AppData\Roaming\Thinstall\Smart Type Assistant\Registry.rw.tvr.transact

Filesize
4KB

MD5
34559d5fb9e6d7e9bc031a2f036eaa9e

SHA1
790796b19fc12a712346a8b76e465b2d62dfbc07

SHA256
61aebfcf8d7378f724fcfc62c4be754403829c966309f330833bcbd6bc8d3f76

SHA512
dccca15a2c881b9701d9bb6e105011c44481a21fa8968cd0fad18844be8f463a0e054befbefbff90d9da20ec413f1299df4a02956a88e55b77870687afdd72d4

Download Submit
C:\Users\Admin\AppData\Roaming\Thinstall\Smart Type Assistant\TEMP\3620-4.manifest

Filesize
1KB

MD5
6aa615d8500b8526c7beb1d39336c85c

SHA1
d2e930161ea7c85459520e07717c9f32ece762dd

SHA256
84fe2e41eb0ad54e13dfd73e4a64af20997ea441785f8a51811f690ee9bd4d10

SHA512
ce7e317bc884aa06f79c65f5f798155e02cbfd55b78d021f52548cd2bd498760a67db1168983ddbde6a6b5d8962a96e0dec38b4336068bd8106fdf24ee4e47b5

Download Submit
C:\Users\Admin\AppData\Roaming\Thinstall\Smart Type Assistant\TEMP\correct.dll.TA

Filesize
1KB

MD5
666741bfae3ec07a07752c8b03e1e940

SHA1
494c4d93a328b8c2c631b9f9b925c2ac411657fb

SHA256
85383dd0e1bc4363a5b88e7df0b8b42d9606c387ea61561c1941027306746f5d

SHA512
7f41ccd3dd8671fe20fdd4f1acd02612913c50dc7ce28ec35f5082a69aa8e3ecf2b39bf479ff6c45dd31b3e89eeaf3b10d08fa94a4b1268af9a9009d766152ba

Download Submit
memory/3964-62-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-64-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-58-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-106-0x00007FF8F7910000-0x00007FF8F7B05000-memory.dmp

Filesize
2.0MB

Download
memory/3964-57-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-46-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-47-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-48-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-69-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-79-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-81-0x00007FF8F7910000-0x00007FF8F7B05000-memory.dmp

Filesize
2.0MB

Download
memory/3964-49-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-50-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-82-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3964-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3964-51-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-52-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-53-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-75-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-71-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-70-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-67-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-66-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-65-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-56-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-63-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-54-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-61-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3964-55-0x0000000001FB0000-0x0000000002102000-memory.dmp

Filesize
1.3MB

Download
memory/3968-9-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-26-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-6-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3968-1-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-3-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-4-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-5-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-2-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-8-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-39-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-24-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-35-0x00007FF8F7910000-0x00007FF8F7B05000-memory.dmp

Filesize
2.0MB

Download
memory/3968-31-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-30-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-11-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-25-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-21-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-22-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-19-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-20-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-18-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-17-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-13-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-12-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-10-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-16-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-7-0x0000000002150000-0x00000000022A2000-memory.dmp

Filesize
1.3MB

Download
memory/3968-117-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download