Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-04-2024 22:01

General

  • Target

    fb42a4d9e7a418782eacac2efeeb9acb_JaffaCakes118.exe

  • Size

    1.0MB

  • MD5

    fb42a4d9e7a418782eacac2efeeb9acb

  • SHA1

    cc5a54f5b8cc11ebc3f45f1d734d2f5fa821e77a

  • SHA256

    97880ddd0dd524ff9c3bc68832b2db68c26619c7e923c4cf697b05cdac0b0e7e

  • SHA512

    063b3d9f0f9cd0d56eff2dc2c2504c3ac51a57cfbd75ee2b901508b48e9a0f61b3ef4a20fffd13376a31006644fa76f9640306f57a76d2446ca56584bad95180

  • SSDEEP

    24576:tfQYosxhhUF54clNf7+6uHAW92zt/sWu2BSMCqDoRt+Gn:To54clgLH+tkWJ0Nb

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb42a4d9e7a418782eacac2efeeb9acb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fb42a4d9e7a418782eacac2efeeb9acb_JaffaCakes118.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1368

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1368-0-0x00000000002F0000-0x0000000000400000-memory.dmp

    Filesize

    1.1MB

  • memory/1368-1-0x000007FEF5040000-0x000007FEF5A2C000-memory.dmp

    Filesize

    9.9MB

  • memory/1368-2-0x000000001AE70000-0x000000001AEF0000-memory.dmp

    Filesize

    512KB

  • memory/1368-3-0x0000000002120000-0x0000000002196000-memory.dmp

    Filesize

    472KB

  • memory/1368-4-0x000007FEF5040000-0x000007FEF5A2C000-memory.dmp

    Filesize

    9.9MB