Analysis
max time kernel
98s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
submitted
12/07/2024, 13:02
Static task
static1
Behavioral task
behavioral1
Sample
3d7bb7cc419669ec36c646149f21cc23_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3d7bb7cc419669ec36c646149f21cc23_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
3d7bb7cc419669ec36c646149f21cc23_JaffaCakes118.exe
Size
1.4MB
MD5
3d7bb7cc419669ec36c646149f21cc23
SHA1
7d52fc7faded70f4460865ded76c6891e80b262a
SHA256
d32dd0539b75d800fdc0595154d52aed1658a95177c9e42b5c52768c8327e606
SHA512
599074ba55a3086ad1a7467cfe9491d2bcebeb6f1a54a54eccd049f52ad06e3d3e41a34e4146acc34ae2c7a6fd4bac87c8e4e6374590b69aa8e691a7362bde3b
SSDEEP
24576:5dmH36cY0IstVMSNL/Lb7I2Q163cCEpshK9pWhMDy/Q6wg1bEbUWrhKpikxr:eX6x+VpNLjbCw3c8IDk/1bEAWrcpi2r
Malware Config
Signatures
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Suspicious use of FindShellTrayWindow 3 IoCs
pid Process
4880 3d7bb7cc419669ec36c646149f21cc23_JaffaCakes118.exe
4880 3d7bb7cc419669ec36c646149f21cc23_JaffaCakes118.exe
4880 3d7bb7cc419669ec36c646149f21cc23_JaffaCakes118.exe
Suspicious use of SendNotifyMessage 3 IoCs
pid Process
4880 3d7bb7cc419669ec36c646149f21cc23_JaffaCakes118.exe
4880 3d7bb7cc419669ec36c646149f21cc23_JaffaCakes118.exe
4880 3d7bb7cc419669ec36c646149f21cc23_JaffaCakes118.exe