Analysis

  • max time kernel
    146s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06-05-2024 09:05

General

  • Target

    1bc160f03046481d45e4c82923311412_JaffaCakes118.exe

  • Size

    202KB

  • MD5

    1bc160f03046481d45e4c82923311412

  • SHA1

    bdf0c599149bb97669ebdfda7a6a7c318c789e9c

  • SHA256

    a7604712a13adc362220cb29fa9e63240d54ae239a03366ac9d67f885f8bd558

  • SHA512

    43eaf2962a1eab470ad6e0e94d9a436a87fc6a9946c403d234f03af6ae275df8b4722d1513e527aa05eecdb032d49a284c414a6744dd2f62d06f77223a7a8fc0

  • SSDEEP

    6144:QLV6Bta6dtJmakIM5JgCpVBVl30m8A2CSFixQft:QLV6Btpmk8gqv3ftEFnft

Malware Config

Signatures

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1bc160f03046481d45e4c82923311412_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1bc160f03046481d45e4c82923311412_JaffaCakes118.exe"
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:2296

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2296-0-0x00000000741C1000-0x00000000741C2000-memory.dmp

    Filesize

    4KB

  • memory/2296-1-0x00000000741C0000-0x000000007476B000-memory.dmp

    Filesize

    5.7MB

  • memory/2296-2-0x00000000741C0000-0x000000007476B000-memory.dmp

    Filesize

    5.7MB

  • memory/2296-4-0x00000000741C0000-0x000000007476B000-memory.dmp

    Filesize

    5.7MB