Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
15-04-2024 13:22
Static task
static1
Behavioral task
behavioral1
Sample
f12730070358850b733f58f400720be1_JaffaCakes118.ps1
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f12730070358850b733f58f400720be1_JaffaCakes118.ps1
Resource
win10v2004-20240412-en
General
-
Target
f12730070358850b733f58f400720be1_JaffaCakes118.ps1
-
Size
19KB
-
MD5
f12730070358850b733f58f400720be1
-
SHA1
374eeb82878edf40d5ed3439bcbdb6af7252d22d
-
SHA256
02ba68f3488110e5388c059d3b5474d4c9a44671f6415d104c769b1a02c97e91
-
SHA512
67cc38f687aa2155d2354b035b737816e5b13cefd3c32140a4e8ed01f4f15a1b85eea065ac8551f47f593fb5a9b317d0a8d1b778409956b53797a290c99472c4
-
SSDEEP
384:TRuFZ074UvlVGJfGdTfzQjOwjLMMrFSi4V55O5r3I3qaTk7pHcH6IghSmNJJe3mt:174UvqJOdTkqwjLM4FK5iE3qaTkdcH63
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
powershell.exepid process 2860 powershell.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
powershell.exedescription pid process Token: SeDebugPrivilege 2860 powershell.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2860-4-0x000000001B650000-0x000000001B932000-memory.dmpFilesize
2.9MB
-
memory/2860-5-0x0000000001D90000-0x0000000001D98000-memory.dmpFilesize
32KB
-
memory/2860-6-0x000007FEF5970000-0x000007FEF630D000-memory.dmpFilesize
9.6MB
-
memory/2860-7-0x0000000002D50000-0x0000000002DD0000-memory.dmpFilesize
512KB
-
memory/2860-8-0x000007FEF5970000-0x000007FEF630D000-memory.dmpFilesize
9.6MB
-
memory/2860-9-0x0000000002D50000-0x0000000002DD0000-memory.dmpFilesize
512KB
-
memory/2860-10-0x0000000002D50000-0x0000000002DD0000-memory.dmpFilesize
512KB
-
memory/2860-11-0x0000000002D50000-0x0000000002DD0000-memory.dmpFilesize
512KB
-
memory/2860-12-0x000007FEF5970000-0x000007FEF630D000-memory.dmpFilesize
9.6MB