Analysis

  • max time kernel: 122s
  • max time network: 129s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 06/04/2024, 05:03

General

  • Target: dbf051324f11b212a72360bd87f83cc3_JaffaCakes118.exe
  • Size: 265KB
  • MD5: dbf051324f11b212a72360bd87f83cc3
  • SHA1: 83468f9b78b07f972a76b05afc6918dc48ad78d3
  • SHA256: abeb6a5732318dc90dda6d05548903746dedc7bb8b453201e8088a609689ddb4
  • SHA512: 3e5fc5ceb498969d55fdaaf987bf8f6de04a54ae7538137f5858f0e5d6e2a2661e964941c13708e692c3d42a173d3f80e0596921f0cb81c7ab25022a2669cd94
  • SSDEEP: 3072:j4rWioa3blYcDTD/M1RjJxbZ3iQiiMfcFbaTh/INZyXz/8678ib1uMfwaIGrsxnY:jqx35Y6TD0l4ZBVINgXr8M/NZ5WCgX

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\dbf051324f11b212a72360bd87f83cc3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\dbf051324f11b212a72360bd87f83cc3_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2460

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmp6431.tmp
    Filesize: 129KB
    MD5: b53237101787913dd6ff7eb02f5ffd5d
    SHA1: 3f16f85c2c1214af930a3e028bbaff171d8a9111
    SHA256: 4dffc0f593549577140448b48664e73ed85801da443c21e888ce40a81beb800f
    SHA512: 5a8c7f6051b6ee14e3ddc4c369dde48426776f8729385cad3e3f58f7758cf290988d664c63d6af2042cdeedb089c4d8eb3673fa369185dd3d1e1b39697ef7ca3

  • C:\Users\Admin\AppData\Local\Temp\tmp6444.tmp
    Filesize: 46KB
    MD5: 02d2c46697e3714e49f46b680b9a6b83
    SHA1: 84f98b56d49f01e9b6b76a4e21accf64fd319140
    SHA256: 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
    SHA512: 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

  • C:\Users\Admin\AppData\Local\Temp\tmp6469.tmp
    Filesize: 92KB
    MD5: bd46342c69fd0683a51911e8976bf6b9
    SHA1: 17a2451a41ecaaa03e7634dfd5c534aff30d4ce4
    SHA256: f1467f4fb97e82cbb8490d787f2ca113f32fcc94a6d008fffb3ae7e73e5a089b
    SHA512: 91e7f0bd5acd35b68788d077529b76a54e9bc4875129a2134bfd5ed5e27588cb43fea26a241e184d9170155c961c16bc724e00502f173351ec2df5c9e3cfb32f

  • memory/2460-0-0x00000000000C0000-0x000000000010A000-memory.dmp
    Filesize: 296KB

  • memory/2460-1-0x0000000073FE0000-0x00000000746CE000-memory.dmp
    Filesize: 6.9MB

  • memory/2460-2-0x0000000000250000-0x0000000000256000-memory.dmp
    Filesize: 24KB

  • memory/2460-3-0x00000000003D0000-0x000000000041E000-memory.dmp
    Filesize: 312KB

  • memory/2460-4-0x0000000000270000-0x0000000000276000-memory.dmp
    Filesize: 24KB

  • memory/2460-5-0x0000000004990000-0x00000000049D0000-memory.dmp
    Filesize: 256KB

  • memory/2460-114-0x0000000073FE0000-0x00000000746CE000-memory.dmp
    Filesize: 6.9MB