Analysis

  • max time kernel
    150s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/04/2024, 02:16

General

  • Target

    f010137376d5114805bc3b3a3a090391_JaffaCakes118.exe

  • Size

    6.1MB

  • MD5

    f010137376d5114805bc3b3a3a090391

  • SHA1

    e32666f3077f36a9d7927c01d1bf01bedc21ae87

  • SHA256

    cd836c43705cd054812d3d0be8c50db59d3f52679846e52fbc3bb19049abf6ae

  • SHA512

    4c4986db4b47b618dff1bee676852b0926911755c0f65a7db0c98f81a8406c49c1ea94c0e8a5e68bbf962dd82c4648406f202dd79873a026fb034914649d9327

  • SSDEEP

    196608:pjt1r2KLRt4Wt1zsegFte9ZQ9cFsCivIfJqIOeO:lrrHv4W/zgFtAZHsYJqeO

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f010137376d5114805bc3b3a3a090391_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f010137376d5114805bc3b3a3a090391_JaffaCakes118.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1384
    • C:\Users\Admin\AppData\Local\Temp\f010137376d5114805bc3b3a3a090391_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\f010137376d5114805bc3b3a3a090391_JaffaCakes118.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3500

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\f010137376d5114805bc3b3a3a090391_JaffaCakes118.exe

    Filesize

    6.4MB

    MD5

    d24b9355f3c3cd8b55d7bde140a4ef4a

    SHA1

    0e771621338b89d1a81a9df05c8a059f156d9f81

    SHA256

    ae5ee1808e4fa6358af6c5b72a7a35e0709e62d901471f2be95d9b6603bc54fa

    SHA512

    69dd95ec1beae29a55f89ae3871e26992c04912a95a65bfa3da6d9805cafb57f2645617a99319a369a05c673dabc1b5a0638fefc871b57a09773cd457ebe1349

  • memory/1384-0-0x0000000000400000-0x0000000000AFC000-memory.dmp

    Filesize

    7.0MB

  • memory/1384-4-0x0000000000400000-0x0000000000AFC000-memory.dmp

    Filesize

    7.0MB

  • memory/3500-5-0x0000000000400000-0x0000000000B51000-memory.dmp

    Filesize

    7.3MB

  • memory/3500-7-0x0000000000400000-0x0000000000B51000-memory.dmp

    Filesize

    7.3MB
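The process tree and the Downloads table together describe one pattern worth checking for on a host: the sample at `f010137376d5114805bc3b3a3a090391_JaffaCakes118.exe` (PID 1384, flagged RenamesItself) launches a second instance from the same path (PID 3500, flagged Deletes itself and Executes dropped EXE), and the file now sitting at that path is a different binary (6.4MB, MD5 `d24b9355…`) from the one submitted (6.1MB, MD5 `f0101373…`). A hash sweep that only carries the submitted hashes will miss what is actually left on disk. The following triage script is an added example and not part of the sandbox report or its tooling: it encodes both hash sets as IoCs, flags the same-path-different-hash re-exec chain in a process list, and classifies a computed digest against either set. One assumption is labelled in the code: the report does not state the hash of the image PID 3500 ran from, so the example pairs that PID with the dropped file's hash because it is the only dropped file listed.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional

# IoCs copied from the report above. The same path carries two hash sets:
# the submitted sample (General section) and the file left at that path
# after execution (Downloads section).
TARGET_PATH = r"C:\Users\Admin\AppData\Local\Temp\f010137376d5114805bc3b3a3a090391_JaffaCakes118.exe"

IOCS = {
    "submitted": {
        "md5": "f010137376d5114805bc3b3a3a090391",
        "sha1": "e32666f3077f36a9d7927c01d1bf01bedc21ae87",
        "sha256": "cd836c43705cd054812d3d0be8c50db59d3f52679846e52fbc3bb19049abf6ae",
    },
    "dropped": {
        "md5": "d24b9355f3c3cd8b55d7bde140a4ef4a",
        "sha1": "0e771621338b89d1a81a9df05c8a059f156d9f81",
        "sha256": "ae5ee1808e4fa6358af6c5b72a7a35e0709e62d901471f2be95d9b6603bc54fa",
    },
}


@dataclass
class ProcessEvent:
    pid: int
    parent_pid: Optional[int]
    image: str
    image_sha256: str          # hash of the file at `image` when the process started
    signatures: tuple = field(default_factory=tuple)


# Process tree as reported (PIDs, paths and signatures from the Processes section).
# ASSUMPTION: the report does not give the hash of the image PID 3500 ran from;
# it is flagged "Executes dropped EXE" and the only dropped file listed is the one
# at TARGET_PATH, so that PID is paired with the dropped file's SHA256 here.
EVENTS = [
    ProcessEvent(1384, None, TARGET_PATH, IOCS["submitted"]["sha256"],
                 ("RenamesItself", "WriteProcessMemory", "SetWindowsHookEx")),
    ProcessEvent(3500, 1384, TARGET_PATH, IOCS["dropped"]["sha256"],
                 ("Deletes itself", "Executes dropped EXE")),
]


def find_self_replacement(events):
    """Return (parent_pid, child_pid) pairs where a child was started from the same
    image path as its parent but the file at that path hashes differently.
    That is the rename/drop/re-exec chain behind the RenamesItself, Deletes itself
    and Executes dropped EXE signatures in this report."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for child in events:
        parent = by_pid.get(child.parent_pid)
        if parent is None:
            continue
        same_path = parent.image.lower() == child.image.lower()
        if same_path and parent.image_sha256 != child.image_sha256:
            hits.append((parent.pid, child.pid))
    return hits


def hash_bytes(data: bytes) -> dict:
    """md5/sha1/sha256 of file contents, the three digests the IoC table carries."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def classify(digests: dict) -> Optional[str]:
    """Return which IoC set a digest dict matches ('submitted' or 'dropped'), else None.
    Any one matching digest counts, so a sweep that only recorded MD5 still resolves."""
    for label, known in IOCS.items():
        if any(digests.get(alg) == value for alg, value in known.items()):
            return label
    return None


if __name__ == "__main__":
    print(find_self_replacement(EVENTS))                                    # [(1384, 3500)]
    print(classify({"md5": IOCS["dropped"]["md5"]}))                        # dropped
    # Constructed bytes, not the sample: must not match either IoC set.
    print(classify(hash_bytes(b"MZ\x90\x00 constructed, not the sample")))  # None
```

When sweeping hosts for this sample, feed `classify` the digests of whatever is at the Temp path and of any file the RenamesItself step may have moved the original to; a match on `dropped` alone means the original has already been replaced and deleted, exactly as the PID 3500 signatures describe.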