Overview

overview

8

Static

static

7

ffe7304fd9...18.exe

windows7-x64

1

ffe7304fd9...18.exe

windows10-2004-x64

Analysis

  • max time kernel
    12s
  • max time network
    16s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-04-2024 18:31

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-21T18:31:58Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win10v2004-20240412-en/instance_29-dirty.qcow2\"}"
Report Analysis Logs

General

  • Target

    ffe7304fd920a3ae43cfe2c45575b599_JaffaCakes118.exe

  • Size

    1.4MB

  • MD5

    ffe7304fd920a3ae43cfe2c45575b599

  • SHA1

    24a3b73f5abee35b6e22fc686815f711607bd9a6

  • SHA256

    f29be2b0b42f0a732e26219812488d35185ed2b6c4b8bed6dcdcdd3247f7fbd8

  • SHA512

    ac913c88ff3223907a31ac436b0be64a535e7d9a48d2b72b33f7ccc928dde16f3677a24cdbf68ab32ca5abf457288da7dabd2fc275d7b5a719fe2a2eb57ec4b3

  • SSDEEP

    24576:Xp5pE4GMJAe/iggH+i8zWmnr/kYUlqm1PJ8n+1HiU:Xnp2vOkWWYbWwm1xDI

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ffe7304fd920a3ae43cfe2c45575b599_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ffe7304fd920a3ae43cfe2c45575b599_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1032
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa39b7855 /state1:0x41c64e6d
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:1488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads