Analysis
max time kernel: 16s
max time network: 17s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted: 27/01/2025, 15:11
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_40dc7fd5758e960d7262657003a1244e.jpg
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_40dc7fd5758e960d7262657003a1244e.jpg
  Resource: win10v2004-20241007-en
General
Target: JaffaCakes118_40dc7fd5758e960d7262657003a1244e.jpg
Size: 22KB
MD5: 40dc7fd5758e960d7262657003a1244e
SHA1: 4d06e69129fac7fa8922080d0d9f9a706ac8bc1c
SHA256: d18e876916fd3652f94408aa72e690cbbd05c6091bbebe3f0c23575c69797fb1
SHA512: 424c29e4bcc0fe41ce8eb78a38d177c944fc6c44c8ab8c2c19167fae950891652b285093d22a0c936b3c7d1eec62c1daca7aa077328f1a8f3f26b53f84f49194
SSDEEP: 384:QLMCzfivOL51OowANVOZBCdDlbRSuqBEPdQ3uFc6GYku1OxEouCZ0rvwiTwJv6Y7:QAWYQ53TOZBCdeSPdQ3x6GYksOxEoutc
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of FindShellTrayWindow (1 IoCs)
  PID 640, Process rundll32.exe
Suspicious use of SetWindowsHookEx (2 IoCs)
  PID 640, Process rundll32.exe
  PID 640, Process rundll32.exe
Processes
C:\Windows\System32\rundll32.exe (PID 640)
  Command line: C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_40dc7fd5758e960d7262657003a1244e.jpg
  Signatures: Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx
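Both IoCs above are raised by PID 640, the rundll32.exe instance that hosts PhotoViewer.dll to display the submitted .jpg; the report records no dropped files, no network activity and no extracted malware config. Before trusting a "clean" verdict for an image submission, a practitioner usually also checks statically that the file is a plain JPEG and that nothing rides after its EOI marker, which is where appended payloads in image polyglots live. The following Python is an added example written for this page, not output of the sandbox nor code from it; it walks the JPEG marker segments, hashes the bytes, and flags trailing data and its magic. The sample bytes it builds are constructed inline (a minimal marker skeleton, not a decodable picture), and the helper names `walk_jpeg_segments`, `triage`, `is_jpeg` and `build_sample_jpeg` are this example's own.

```python
import hashlib
import struct

# Markers that carry no length field (JPEG ITU T.81 B.1.1.3): TEM, RST0-RST7, SOI.
_STANDALONE = {0x01} | set(range(0xD0, 0xD9))
# Magic bytes worth flagging if they appear after EOI (constructed list for this example).
_KNOWN_MAGIC = {b"MZ": "PE", b"PK\x03\x04": "ZIP", b"Rar!": "RAR", b"\x7fELF": "ELF"}


def is_jpeg(data: bytes) -> bool:
    """True when the file starts with the SOI marker FF D8."""
    return data[:2] == b"\xff\xd8"


def walk_jpeg_segments(data: bytes):
    """Return (segments, trailing): segments is a list of (name, offset, payload_len),
    trailing is everything after the EOI marker, which a well-formed JPEG never has."""
    if not is_jpeg(data):
        raise ValueError("not a JPEG: missing SOI marker")
    segments = [("SOI", 0, 0)]
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                 # fill byte preceding a marker
            pos += 1
            continue
        if marker == 0xD9:                 # EOI: the image ends here
            segments.append(("EOI", pos, 0))
            pos += 2
            break
        if marker in _STANDALONE:
            segments.append((f"{marker:02X}", pos, 0))
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]   # counts its own 2 bytes
        name = "SOS" if marker == 0xDA else f"{marker:02X}"
        segments.append((name, pos, length - 2))
        pos += 2 + length
        if marker == 0xDA:
            # Entropy-coded data follows SOS. Inside it 0xFF is always stuffed as FF 00
            # or belongs to an RSTn marker, so the first other FF xx ends the scan.
            while True:
                if pos + 1 >= len(data):
                    pos = len(data)
                    break
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt not in (0x00, 0xFF) and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    return segments, data[pos:]


def triage(data: bytes) -> dict:
    """Static checks a behavioral report does not show: hashes, segment layout,
    presence of EOI, and whether anything follows it."""
    segments, trailing = walk_jpeg_segments(data)
    names = [name for name, _, _ in segments]
    magic = next((tag for sig, tag in _KNOWN_MAGIC.items() if trailing.startswith(sig)), None)
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "segments": names,
        "has_eoi": "EOI" in names,
        "trailing_bytes": len(trailing),
        "trailing_magic": magic,
    }


def build_sample_jpeg(trailing: bytes = b"") -> bytes:
    """Constructed marker skeleton: SOI, APP0 (JFIF), SOF0, SOS with a few scan bytes
    (including a stuffed FF 00), EOI, then optional appended bytes."""
    app0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sof0 = b"\x08\x00\x08\x00\x08\x01\x01\x11\x00"           # 8-bit, 8x8, one component
    sos = b"\x01\x01\x00\x00\x3f\x00"
    seg = lambda marker, payload: marker + struct.pack(">H", len(payload) + 2) + payload
    scan = b"\x12\x34\xff\x00\x56"
    return (b"\xff\xd8" + seg(b"\xff\xe0", app0) + seg(b"\xff\xc0", sof0)
            + seg(b"\xff\xda", sos) + scan + b"\xff\xd9" + trailing)


if __name__ == "__main__":
    print(triage(build_sample_jpeg()))
    print(triage(build_sample_jpeg(b"MZ" + b"\x00" * 62)))   # appended PE-looking blob
```

On a real submission, a non-zero `trailing_bytes` with a recognisable magic turns a 22KB "image" into a carrier worth unpacking; a JPEG that parses cleanly with nothing after EOI makes the image-viewer behaviour in this report the expected baseline rather than an indicator.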