Overview

overview

10

Static

static

3

45a4175456...18.exe

windows7-x64

10

45a4175456...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15/05/2024, 09:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    45a417545660b1f227a0dd1bfcd8dcda_JaffaCakes118.exe

  • Size

    948KB

  • MD5

    45a417545660b1f227a0dd1bfcd8dcda

  • SHA1

    bac6e0bff34a099db014cfc887f695f942c1c018

  • SHA256

    87c7d79e1a76b264f81764c51a9c040ddc02db0ad56e6c6c38ea049ea48ad028

  • SHA512

    665d522d69093ed5fb4e4d2469e040d5fc73a69d69ec4e65b17086bb034a2567b14ccd7ff7433fc9c911cba8fc897b6a6b95e886c3f246af2375204f98c76808

  • SSDEEP

    12288:2CO7BdhTOPjSrHqyTu7g+0OtlyQhFJl6QX90KEjpNXj85vyfO5YHIroQqtNS1ENT:QBwX1hFLKC0Y6KQ

Score
10/10
mimikatz

Malware Config

Signatures

  • Mimikatz

    mimikatz is an open source tool to dump credentials on Windows.

    mimikatz
  • mimikatz is an open source tool to dump credentials on Windows 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\45a417545660b1f227a0dd1bfcd8dcda_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\45a417545660b1f227a0dd1bfcd8dcda_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2944-0-0x000007FEF5353000-0x000007FEF5354000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2944-1-0x000000013F330000-0x000000013F422000-memory.dmp

    Filesize

    968KB

    Download

  • memory/2944-3-0x0000000000940000-0x00000000009DF000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2944-5-0x000007FEF5350000-0x000007FEF5D3C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2944-6-0x0000000000940000-0x00000000009DF000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2944-7-0x000007FEF5350000-0x000007FEF5D3C000-memory.dmp

    Filesize

    9.9MB

    Download