522e247d5e3883097abb99fc7d047ac49692310c3a107b1066b42de670b02c19

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30faf45363c85a3d2e90c71b18cfd7c4_JaffaCakes118.exe
Size

241KB
MD5

30faf45363c85a3d2e90c71b18cfd7c4
SHA1

e7ad230ada5c5f101b4991932ee04ea47e5cb3c5
SHA256

522e247d5e3883097abb99fc7d047ac49692310c3a107b1066b42de670b02c19
SHA512

92697668caf3837b80f379239eaba5f913d60540fefe952812542c9a5a70b1c676ff2debf31e9fea6ce65f9d53fd45c9fe278e95ebb2d1b7eaf6e581e13499fb
SSDEEP

6144:8Rgym92YGB+40vPLGPAQVyK3achomI69VaxYQ:U6fu+40vPsVh19VjQ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2900	winvnc.exe

Loads dropped DLL 5 IoCs

pid	Process
2728	30faf45363c85a3d2e90c71b18cfd7c4_JaffaCakes118.exe
2728	30faf45363c85a3d2e90c71b18cfd7c4_JaffaCakes118.exe
2900	winvnc.exe
2900	winvnc.exe
2900	winvnc.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2900	winvnc.exe
2900	winvnc.exe
2900	winvnc.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2900	winvnc.exe
2900	winvnc.exe
2900	winvnc.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 2900	2728	30faf45363c85a3d2e90c71b18cfd7c4_JaffaCakes118.exe	30
PID 2728 wrote to memory of 2900	2728	30faf45363c85a3d2e90c71b18cfd7c4_JaffaCakes118.exe	30
PID 2728 wrote to memory of 2900	2728	30faf45363c85a3d2e90c71b18cfd7c4_JaffaCakes118.exe	30
PID 2728 wrote to memory of 2900	2728	30faf45363c85a3d2e90c71b18cfd7c4_JaffaCakes118.exe	30
PID 2728 wrote to memory of 2900	2728	30faf45363c85a3d2e90c71b18cfd7c4_JaffaCakes118.exe	30
PID 2728 wrote to memory of 2900	2728	30faf45363c85a3d2e90c71b18cfd7c4_JaffaCakes118.exe	30
PID 2728 wrote to memory of 2900	2728	30faf45363c85a3d2e90c71b18cfd7c4_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\30faf45363c85a3d2e90c71b18cfd7c4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\30faf45363c85a3d2e90c71b18cfd7c4_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Users\Admin\AppData\Local\Temp\7zS50AF.tmp\winvnc.exe
  .\winvnc.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS50AF.tmp\background.bmp

Filesize
1KB

MD5
392e960df38569460b5fb11e43a28623

SHA1
0eea9f3514d67a386fc8258c1d045dd8da3b1813

SHA256
6cf43afe37a9080ce304c09bdfe0d4c69babc8580a7b691f23d6db7195e09388

SHA512
09abe116364a16511c88f4bd2cb882d1f411e736a48a2f0293f7b90e18bc847c794e94e3e7a9cff180daa5a9302dd70b0b194a391b4d1d13bda97f0e38c9f2df

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS50AF.tmp\helpdesk.txt

Filesize
836B

MD5
c4c73dc878833f0b86db1ea5900fc916

SHA1
5deb8aa4ed1f18b92af073f3874721f7c08398f9

SHA256
26365811cea2f9e0a2f0b18ebd0ee71a9ce54773b36e1fcdc9de1d0d0e9633b3

SHA512
35be331d9694e0fbc7d605f99789a50c66adccc367110d0a794e270c8371c0460cbe1801a17a3a3d667ae5a801a3347f4786e3696c9b3647978d251b540ce065

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS50AF.tmp\icon1.ico

Filesize
4KB

MD5
d8e7b12228ae7bdf0f0f66cee3c27967

SHA1
d32707e36dff8b76b39d4cc06a78178b79c5bb07

SHA256
faac430a88536a332673175ec870aca0dd35a4a383af6e13eeecad18f4759b16

SHA512
aa93e70cd570399879331cd3fb84abf14ee3c9e458bdd3a62660c81b88ffdd8ccb65c54bb010ae074aa56280dbd7ff041ab756e6630a3554b4bdaa4d241738ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS50AF.tmp\icon2.ico

Filesize
4KB

MD5
984e93fc7cb70c16fa6a832c5b4dcb2b

SHA1
320996080dd7690d793b097d4420a235d6b91e12

SHA256
262429e8b1eb39b1ef18e838cfe6783beac7be0f0135c868a64edd3182c1f398

SHA512
27f881f1eaeed768719a6c0c48c628d001209d4da1917372e8a84b73e13a435fe2693fe16fdb46c3cb8634155354f101ba2af201104fbedf64f58a42091a35ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS50AF.tmp\logo.bmp

Filesize
7KB

MD5
aa16611219470c1e94aef22310295649

SHA1
b64841ebc0fd82663063a65e4b9c59ec349fbce1

SHA256
4db648774a03ec2718c1969f262f8e2effe2188fb46b34517ad83d8ce3fd98a0

SHA512
46907cf43a7213eea22e786c092418de7a5a887a59a775229a65e9c7f4927a521e54eea56e5ea60c80fddb160ecf0c076b446892fc38549b1dc590670c22d7a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS50AF.tmp\winvnc.exe

Filesize
240KB

MD5
b4c64a5fda48e9c4ff91d7e7d93ddf5b

SHA1
264dc61352a26ca136d8206ee40b58824a63ade7

SHA256
d7a8b19d476c351b7f04b0582494b4153a2580d89af233d1f1db7ad46b9a947f

SHA512
6e39c5432b064cfe190d14fe7bfc4b1ccfc3008bd18b1b98c10bcd666724a6a00650250055eea082ff5bc0007024dd0cc131aa109ed606952492f051e25f8c63

Download Submit