Analysis
-
max time kernel
139s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
10-05-2024 05:59
General
-
Target
2dafed2d8919d3f2081327eed37b28e6_JaffaCakes118.exe
-
Size
743KB
-
MD5
2dafed2d8919d3f2081327eed37b28e6
-
SHA1
635290d8a7a9c522045b7cdbad14c9c228f36523
-
SHA256
6a0712ac14ace1977933ffcfa1ed35283aea2c6cf78161a78d25f84d90f9c816
-
SHA512
307becd9679ee76175a7ad8e7ba4ab1609a4dc9912c6a8fe563f665fb92f2e69f7301896d8762fa588144b41e6e5111950d435709259b3f2a1511c204e6f114f
-
SSDEEP
12288:Y9twMz8CcvDNqBTdilufZnEM8A5Nm2INpE3q9EDWQr/Xq+3aaqyi3f:qnI5qKlu+Mjg2sE3qYNTXq+3rQ
Score
10/10
Malware Config
Signatures
-
Detect ZGRat V1 1 IoCs
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2dafed2d8919d3f2081327eed37b28e6_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\2dafed2d8919d3f2081327eed37b28e6_JaffaCakes118.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4852-0-0x000000007539E000-0x000000007539F000-memory.dmpFilesize
4KB
-
memory/4852-1-0x00000000008A0000-0x0000000000964000-memory.dmpFilesize
784KB
-
memory/4852-2-0x00000000077C0000-0x00000000078F8000-memory.dmpFilesize
1.2MB
-
memory/4852-3-0x00000000052E0000-0x0000000005308000-memory.dmpFilesize
160KB
-
memory/4852-4-0x0000000075390000-0x0000000075B40000-memory.dmpFilesize
7.7MB
-
memory/4852-5-0x0000000007EB0000-0x0000000008454000-memory.dmpFilesize
5.6MB
-
memory/4852-6-0x00000000079F0000-0x0000000007A82000-memory.dmpFilesize
584KB
-
memory/4852-8-0x0000000075390000-0x0000000075B40000-memory.dmpFilesize
7.7MB