Analysis

max time kernel: 149s
max time network: 152s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 29-03-2024 17:49

Static task: static1

Behavioral task: behavioral1
Sample: 28b8413419b5656cecb272e07079b047_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 28b8413419b5656cecb272e07079b047_JaffaCakes118.exe
Resource: win10v2004-20231215-en
General

Target: 28b8413419b5656cecb272e07079b047_JaffaCakes118.exe
Size: 5.9MB
MD5: 28b8413419b5656cecb272e07079b047
SHA1: 368a6d3aaab27e40d4c720430c3819e771125e37
SHA256: 9a19b05e6b1086729de47bd9e86d789a62b764e30d944b83d67db89952e77cd4
SHA512: c7fba15a9c747ba4c463cee9fb45dfd10fd32ac71f60fbb19c98abeaf128327988b7ced480c86273824d1f8d02f8e03975aef7fe048a35ec71052d5e6a217202
SSDEEP: 98304:iVQ0x7MTlxFxHfMlJExhGo/IJ2Tr/LIwjl3FQ0HP3c:gdlMTQlMIYTr/MK1CEs
Malware Config

Extracted
Family: cobaltstrike
C2: http://192.144.225.94:4444/Aov7
user_agent: User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)
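Two checks a responder would run on the extracted config, as an added example (this is not part of the sandbox report and not tooling from the sandbox vendor). First, Cobalt Strike stagers, like the Metasploit reverse_http stager they descend from, request a URI whose byte values sum to 92 mod 256 for the x86 stager and 93 mod 256 for the x64 stager; the extracted path /Aov7 sums to 93, which is consistent with the x64 platform the sample ran on. Second, the C2 host:port, the stager URI and the exact User-Agent string are matched against proxy log lines. The Windows Phone/IEMobile User-Agent is itself a useful pivot, because it comes from a Windows 7 x64 desktop that would never send it on its own; match it exactly rather than by substring, since the Malleable C2 profile sets it verbatim. The log lines are constructed for this example, and the "path is a single 4-character segment" filter on the checksum test is my assumption for noise reduction, not a property of the report.

```python
# Added example, not code from the sandbox report. The IOC values are the
# ones the report extracted; SAMPLE_LOG is constructed for illustration.
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

C2_URL = "http://192.144.225.94:4444/Aov7"
C2_USER_AGENT = ("Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; "
                 "Trident/5.0; IEMobile/9.0; LG; LG-E906)")


def checksum8(uri_path: str) -> int:
    """Sum of the byte values of the URI path (leading '/' stripped), mod 256."""
    return sum(uri_path.lstrip("/").encode("ascii")) % 256


def classify_stager_uri(uri_path: str) -> str:
    """Map checksum8 to the Cobalt Strike stager flavour it denotes:
    92 -> x86 stager, 93 -> x64 stager (same scheme as Metasploit's
    reverse_http URI checksum)."""
    return {92: "x86 stager", 93: "x64 stager"}.get(
        checksum8(uri_path), "no stager checksum match")


@dataclass
class Hit:
    line_no: int
    reasons: tuple


# Constructed proxy log lines (Squid-like): ts, client, method, url, status, user-agent
SAMPLE_LOG = """\
1711734543.101 10.0.0.12 GET http://192.144.225.94:4444/Aov7 200 "Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)"
1711734544.220 10.0.0.12 GET http://www.example.com/index.html 200 "Mozilla/5.0 (Windows NT 6.1; Win64; x64) Chrome/121.0"
1711734545.330 10.0.0.17 GET http://192.144.225.94:4444/updates/check 404 "Mozilla/5.0 (Windows NT 6.1; Win64; x64) Chrome/121.0"
1711734546.440 10.0.0.21 GET http://cdn.example.net/static/app.js 200 "Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0; LG; LG-E906)"
"""

LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')


def sweep_log(log_text: str) -> list:
    """Return one Hit per log line that touches the extracted config:
    C2 host:port, the exact stager URI, the exact User-Agent, or any
    4-character URI whose checksum8 marks it as a stager request."""
    c2 = urlsplit(C2_URL)
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; a real sweep would count these
        url, ua = m.group(4), m.group(6)
        u = urlsplit(url)
        reasons = []
        if u.netloc == c2.netloc:
            reasons.append("c2 host:port")
        if u.path == c2.path:
            reasons.append("c2 uri")
        if ua == C2_USER_AGENT:          # exact match, the profile sets it verbatim
            reasons.append("c2 user-agent")
        segment = u.path.lstrip("/")
        # Assumption: only score the checksum on short single-segment paths,
        # otherwise 1 in 128 ordinary URLs would match by chance.
        if len(segment) == 4 and segment.isalnum():
            flavour = classify_stager_uri(segment)
            if flavour != "no stager checksum match":
                reasons.append(flavour)
        if reasons:
            hits.append(Hit(n, tuple(reasons)))
    return hits


if __name__ == "__main__":
    print("/Aov7 checksum8 =", checksum8("/Aov7"), "->", classify_stager_uri("/Aov7"))
    for h in sweep_log(SAMPLE_LOG):
        print(f"line {h.line_no}: {', '.join(h.reasons)}")
```

Line 1 of the constructed log fires on all four conditions (the staging request itself); line 3 fires only on host:port, which is how a second Beacon task or a different stager URI on the same team server still surfaces; line 4 fires only on the User-Agent, the pivot that catches a redirector in front of a different C2 address.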
Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
description   pid   process
Token: 35     772   28b8413419b5656cecb272e07079b047_JaffaCakes118.exe