Analysis

  • max time kernel
    146s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-05-2024 06:09

General

  • Target

    1652d682b9e12bf4a4e6b0e09c748abc_JaffaCakes118.exe

  • Size

    202KB

  • MD5

    1652d682b9e12bf4a4e6b0e09c748abc

  • SHA1

    594a6c45e1ba7894dcb890967dae74482a8fe90e

  • SHA256

    051015f961c60fd8b5a6f6f9db935e73b25303c4bfcfaa24cd09a6ecae8fc016

  • SHA512

    32e7ef44e3569971865c74b7678445ebe538d37bca505bda5bd97c3fda70b7819da1c521141c7a1b7869f5c685f6923d339e74487ab8ace1a303e4fbd2d97c0c

  • SSDEEP

    6144:QLV6Bta6dtJmakIM5Tr8cCqESuheKLJcyfFo3nq:QLV6Btpmkpcbgvfyq

Malware Config

Signatures

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1652d682b9e12bf4a4e6b0e09c748abc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1652d682b9e12bf4a4e6b0e09c748abc_JaffaCakes118.exe"
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:1652

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1652-0-0x00000000743D1000-0x00000000743D2000-memory.dmp

    Filesize

    4KB

  • memory/1652-1-0x00000000743D0000-0x000000007497B000-memory.dmp

    Filesize

    5.7MB

  • memory/1652-2-0x00000000743D0000-0x000000007497B000-memory.dmp

    Filesize

    5.7MB

  • memory/1652-4-0x00000000743D0000-0x000000007497B000-memory.dmp

    Filesize

    5.7MB