Overview

overview

7

Static

static

3

218e7aa870...18.exe

windows7-x64

7

218e7aa870...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    111s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-05-2024 20:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    218e7aa87018147498e248e38f6aaf27_JaffaCakes118.exe

  • Size

    302KB

  • MD5

    218e7aa87018147498e248e38f6aaf27

  • SHA1

    4cdbc27d3cad0160451a47f405b2b9eb6a6623d2

  • SHA256

    99e8a0fd6be417bd5fc6ad414a1da4cb9f3a4b341b972d9b7c3cb6b4cf58c16a

  • SHA512

    dece67ad10f4259951ff58710a24dd3412affb107e786c27b10c029336aa5db838d63680c4454e8c65bf970edb469aeafbe2318b81595bfa24c7ebb4ee9f062c

  • SSDEEP

    6144:F+LjhEB1aWggNOpqY8zzBZ9iEVXZZNTlCdXxiIcYlt:F+Llmdgg4nyXZZZNT6hXNt

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\218e7aa87018147498e248e38f6aaf27_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\218e7aa87018147498e248e38f6aaf27_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\dfs324B.tmp
    Filesize

    608KB

    MD5

    6ad886fddcec2a8bd3d7ff4b18bbdf04

    SHA1

    35bea8f3e88d61c37fee34411f245ba1204f27e1

    SHA256

    e31480f82305ffd0cbe33596006405ad9cc6bcbd91143ac236a180500a1996f1

    SHA512

    64c1e29aafc55e05d22dd8c3ede6b0aa3a09438c7074f699cdfed999b5197ab46466bf796e00e4c99236200d295e39fec57f1e8a7c80223fd478264a84954296

    Download Submit

  • memory/4548-11-0x0000000005C30000-0x0000000005CC2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4548-10-0x0000000074850000-0x0000000075000000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4548-7-0x00000000056A0000-0x000000000573E000-memory.dmp

    Filesize

    632KB

    Download

  • memory/4548-1-0x00000000011E0000-0x00000000011E3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4548-12-0x0000000005CD0000-0x0000000005CDA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4548-9-0x00000000062C0000-0x0000000006864000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4548-3-0x000000007485E000-0x000000007485F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4548-0-0x00000000007C0000-0x0000000000886000-memory.dmp

    Filesize

    792KB

    Download

  • memory/4548-8-0x0000000005740000-0x000000000574A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4548-13-0x0000000074850000-0x0000000075000000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4548-14-0x0000000074850000-0x0000000075000000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4548-15-0x0000000008F20000-0x0000000008F86000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4548-16-0x0000000074850000-0x0000000075000000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4548-25-0x00000000007C0000-0x0000000000886000-memory.dmp

    Filesize

    792KB

    Download

  • memory/4548-26-0x000000007485E000-0x000000007485F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4548-27-0x0000000074850000-0x0000000075000000-memory.dmp

    Filesize

    7.7MB

    Download