Analysis
max time kernel: 149s
max time network: 119s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 11-04-2024 08:53
Behavioral task: behavioral1
Sample: ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Resource: win7-20240221-en (windows7-x64)
4 signatures
150 seconds
General
Target: ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Size: 814KB
MD5: ed09fb8103c710575f0c3c3273a0c715
SHA1: f756909049cc33a3028881dff10a4cd04dd43727
SHA256: 673c6a131d5bcfad879a35437104e05b072cb7c2140e11c606d81ecf18527ccb
SHA512: cbc05a53d7ca11e05773319087aaf2efa4032c7fc5ba3c0247bef5401d86ded47f8c3b47b5090fc95b9fe156a0bc19e7d1f4579fb25c7b572a0e68b43f4d8136
SSDEEP: 24576:B0QRWoJEfg0oChGdJQbjPbNW5tYeP+GFEwmwT:uQRV2o3MPY5Am1T
Malware Config
Extracted
Family: darkcomet
Botnet: Guest16
C2: 127.0.0.1:1604
Mutex: DC_MUTEX-F54S21D
Attributes:
gencode: fTKCcbHM4U98
install: false
offline_keylogger: true
persistence: false
Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of AdjustPrivilegeToken (23 IoCs)
Processes:
description  pid  process
Token: SeIncreaseQuotaPrivilege  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Token: SeSecurityPrivilege  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Token: SeLoadDriverPrivilege  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Token: SeSystemProfilePrivilege  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Token: SeSystemtimePrivilege  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Token: SeBackupPrivilege  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Token: SeRestorePrivilege  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Token: SeShutdownPrivilege  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Token: SeDebugPrivilege  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Token: SeUndockPrivilege  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Token: SeManageVolumePrivilege  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Token: SeImpersonatePrivilege  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Token: 33  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Token: 34  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Token: 35  1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
Processes:
pid  process
1988  ed09fb8103c710575f0c3c3273a0c715_JaffaCakes118.exe
Processes
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Downloads
memory/1988-0-0x00000000003E0000-0x00000000003E1000-memory.dmp  Filesize: 4KB
memory/1988-1-0x0000000000400000-0x00000000004D9000-memory.dmp  Filesize: 868KB
memory/1988-3-0x0000000000400000-0x00000000004D9000-memory.dmp  Filesize: 868KB
memory/1988-6-0x0000000000400000-0x00000000004D9000-memory.dmp  Filesize: 868KB
memory/1988-9-0x0000000000400000-0x00000000004D9000-memory.dmp  Filesize: 868KB