da2e679b3e9113d736e85298168eef56d4d11eb562075182005b41c403a45ee8

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 10:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
Size

549KB
MD5

456f8ce39234edf5234650532b8004aa
SHA1

4db1eff8b704d439bc06a348b707d3dfa86e15e0
SHA256

da2e679b3e9113d736e85298168eef56d4d11eb562075182005b41c403a45ee8
SHA512

73b890bbd6d7d90036447a2cf59e20e97a92e26293ff8a44fc40f007478839aafbd10348151202bcce0e1bfd4cccd8f239ae42501cd1c6aa25e7334a4d21f521
SSDEEP

12288:JEAvnWWj6J5Cm1xHoxG1/cWAd99yaZ5biZZsHhCQ:GAP6HCm12G1fABHZ5WZZmC

Score

1^/10

Malware Config

Signatures

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
2440	456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\456f8ce39234edf5234650532b8004aa_JaffaCakes118.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\CCProxy.ini

Filesize
2KB

MD5
85ac923f0c15dcc5c6b9947153e64bcd

SHA1
29ed6d0c35283b0eb55c6f68f574b3f041871a27

SHA256
d4324c595c187cb358009cda11b834c3a3a42f8eb9a7ba3616bbc17a4b552a10

SHA512
f1fef00b09a38e7bed76c15bd0f787e13b3a902626c97a3ce606869d06a91657d1fcd7910cf112cb05fb7e6b05c689dbaa95da13f67b3a6234126f6216af7d40

Download Submit
memory/2440-367-0x0000000000400000-0x00000000005CEF40-memory.dmp

Filesize
1.8MB

Download
memory/2440-476-0x0000000000400000-0x00000000005CEF40-memory.dmp

Filesize
1.8MB

Download
memory/2440-4-0x00000000005C4000-0x00000000005CE000-memory.dmp

Filesize
40KB

Download
memory/2440-9-0x0000000000400000-0x00000000005CEF40-memory.dmp

Filesize
1.8MB

Download
memory/2440-3-0x0000000000240000-0x0000000000242000-memory.dmp

Filesize
8KB

Download
memory/2440-2-0x0000000000630000-0x0000000000640000-memory.dmp

Filesize
64KB

Download
memory/2440-1-0x0000000000400000-0x00000000005CEF40-memory.dmp

Filesize
1.8MB

Download
memory/2440-0-0x0000000000400000-0x00000000005CEF40-memory.dmp

Filesize
1.8MB

Download
memory/2440-350-0x0000000000400000-0x00000000005CEF40-memory.dmp

Filesize
1.8MB

Download
memory/2440-359-0x0000000000240000-0x0000000000242000-memory.dmp

Filesize
8KB

Download
memory/2440-358-0x0000000000630000-0x0000000000640000-memory.dmp

Filesize
64KB

Download
memory/2440-366-0x0000000000400000-0x00000000005CEF40-memory.dmp

Filesize
1.8MB

Download
memory/2440-5-0x0000000000400000-0x00000000005CEF40-memory.dmp

Filesize
1.8MB

Download
memory/2440-363-0x0000000000400000-0x00000000005CEF40-memory.dmp

Filesize
1.8MB

Download
memory/2440-362-0x00000000005C4000-0x00000000005CE000-memory.dmp

Filesize
40KB

Download
memory/2440-377-0x0000000000400000-0x00000000005CEF40-memory.dmp

Filesize
1.8MB

Download
memory/2440-388-0x0000000000400000-0x00000000005CEF40-memory.dmp

Filesize
1.8MB

Download
memory/2440-400-0x0000000000400000-0x00000000005CEF40-memory.dmp

Filesize
1.8MB

Download
memory/2440-410-0x0000000000400000-0x00000000005CEF40-memory.dmp

Filesize
1.8MB

Download
memory/2440-421-0x0000000000400000-0x00000000005CEF40-memory.dmp

Filesize
1.8MB

Download
memory/2440-431-0x0000000000400000-0x00000000005CEF40-memory.dmp

Filesize
1.8MB

Download
memory/2440-443-0x0000000000400000-0x00000000005CEF40-memory.dmp

Filesize
1.8MB

Download
memory/2440-454-0x0000000000400000-0x00000000005CEF40-memory.dmp

Filesize
1.8MB

Download
memory/2440-464-0x0000000000400000-0x00000000005CEF40-memory.dmp

Filesize
1.8MB

Download
memory/2440-10-0x0000000000400000-0x00000000005CEF40-memory.dmp

Filesize
1.8MB

Download
memory/2440-487-0x0000000000400000-0x00000000005CEF40-memory.dmp

Filesize
1.8MB

Download
memory/2440-497-0x0000000000400000-0x00000000005CEF40-memory.dmp

Filesize
1.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads