0758c3b67bbd6f75152711753e38dae88e1ad50434f489823fed19bf0eb78e4c

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 22:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

650c78d9f4c873256c926ada1590a04f_JaffaCakes118.exe
Size

241KB
MD5

650c78d9f4c873256c926ada1590a04f
SHA1

0ae45c63c1573b2bc4ea5a8f59e380991c0ad122
SHA256

0758c3b67bbd6f75152711753e38dae88e1ad50434f489823fed19bf0eb78e4c
SHA512

571b08fbefdb875890155ca0b5adeca0ce9f0ab18a0768be1251c67412927baec3a408b95ad6f08a26abc6a26c7863451f3f25d6999951147d5dc57f75315402
SSDEEP

6144:ORgym92YGB+40vPLGPAwVyKeachomI69VaxYG:O6fu+40vPcV019VjG

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2260	winvnc.exe

Loads dropped DLL 5 IoCs

pid	Process
2708	650c78d9f4c873256c926ada1590a04f_JaffaCakes118.exe
2708	650c78d9f4c873256c926ada1590a04f_JaffaCakes118.exe
2260	winvnc.exe
2260	winvnc.exe
2260	winvnc.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2260	winvnc.exe
2260	winvnc.exe
2260	winvnc.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2260	winvnc.exe
2260	winvnc.exe
2260	winvnc.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 2260	2708	650c78d9f4c873256c926ada1590a04f_JaffaCakes118.exe	30
PID 2708 wrote to memory of 2260	2708	650c78d9f4c873256c926ada1590a04f_JaffaCakes118.exe	30
PID 2708 wrote to memory of 2260	2708	650c78d9f4c873256c926ada1590a04f_JaffaCakes118.exe	30
PID 2708 wrote to memory of 2260	2708	650c78d9f4c873256c926ada1590a04f_JaffaCakes118.exe	30
PID 2708 wrote to memory of 2260	2708	650c78d9f4c873256c926ada1590a04f_JaffaCakes118.exe	30
PID 2708 wrote to memory of 2260	2708	650c78d9f4c873256c926ada1590a04f_JaffaCakes118.exe	30
PID 2708 wrote to memory of 2260	2708	650c78d9f4c873256c926ada1590a04f_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\650c78d9f4c873256c926ada1590a04f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\650c78d9f4c873256c926ada1590a04f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Users\Admin\AppData\Local\Temp\7zSBD56.tmp\winvnc.exe
  .\winvnc.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSBD56.tmp\background.bmp

Filesize
1KB

MD5
392e960df38569460b5fb11e43a28623

SHA1
0eea9f3514d67a386fc8258c1d045dd8da3b1813

SHA256
6cf43afe37a9080ce304c09bdfe0d4c69babc8580a7b691f23d6db7195e09388

SHA512
09abe116364a16511c88f4bd2cb882d1f411e736a48a2f0293f7b90e18bc847c794e94e3e7a9cff180daa5a9302dd70b0b194a391b4d1d13bda97f0e38c9f2df

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSBD56.tmp\helpdesk.txt

Filesize
838B

MD5
db86ede35a8aae8bdd3fd1398ee3f15f

SHA1
611f09abb7cf36c5f97218658700d0040c2ea7d9

SHA256
0c9a83b7a03ab19e8ee76b94ac399c4c4bffb8f6b060e6a3e7aecf0c725fc418

SHA512
38dc8dd79a2a4be93eea3a293bd4ef3fb7cde758c48d2f9e4ef788b3ad14546b950578788a78d7ddb6eec26da86194ccc272fe344f4af669da97c9030031d95c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSBD56.tmp\icon1.ico

Filesize
4KB

MD5
d8e7b12228ae7bdf0f0f66cee3c27967

SHA1
d32707e36dff8b76b39d4cc06a78178b79c5bb07

SHA256
faac430a88536a332673175ec870aca0dd35a4a383af6e13eeecad18f4759b16

SHA512
aa93e70cd570399879331cd3fb84abf14ee3c9e458bdd3a62660c81b88ffdd8ccb65c54bb010ae074aa56280dbd7ff041ab756e6630a3554b4bdaa4d241738ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSBD56.tmp\icon2.ico

Filesize
4KB

MD5
984e93fc7cb70c16fa6a832c5b4dcb2b

SHA1
320996080dd7690d793b097d4420a235d6b91e12

SHA256
262429e8b1eb39b1ef18e838cfe6783beac7be0f0135c868a64edd3182c1f398

SHA512
27f881f1eaeed768719a6c0c48c628d001209d4da1917372e8a84b73e13a435fe2693fe16fdb46c3cb8634155354f101ba2af201104fbedf64f58a42091a35ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSBD56.tmp\logo.bmp

Filesize
7KB

MD5
aa16611219470c1e94aef22310295649

SHA1
b64841ebc0fd82663063a65e4b9c59ec349fbce1

SHA256
4db648774a03ec2718c1969f262f8e2effe2188fb46b34517ad83d8ce3fd98a0

SHA512
46907cf43a7213eea22e786c092418de7a5a887a59a775229a65e9c7f4927a521e54eea56e5ea60c80fddb160ecf0c076b446892fc38549b1dc590670c22d7a9

Download Submit
\Users\Admin\AppData\Local\Temp\7zSBD56.tmp\winvnc.exe

Filesize
240KB

MD5
b4c64a5fda48e9c4ff91d7e7d93ddf5b

SHA1
264dc61352a26ca136d8206ee40b58824a63ade7

SHA256
d7a8b19d476c351b7f04b0582494b4153a2580d89af233d1f1db7ad46b9a947f

SHA512
6e39c5432b064cfe190d14fe7bfc4b1ccfc3008bd18b1b98c10bcd666724a6a00650250055eea082ff5bc0007024dd0cc131aa109ed606952492f051e25f8c63

Download Submit