Overview

overview

5

Static

static

3

493c226a16...18.exe

windows7-x64

5

493c226a16...18.exe

windows10-2004-x64

Analysis

  • max time kernel
    2s
  • max time network
    0s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    16/05/2024, 03:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    493c226a16351fb5398ef0473965b872_JaffaCakes118.exe

  • Size

    5.0MB

  • MD5

    493c226a16351fb5398ef0473965b872

  • SHA1

    bda7f89d72526ff8085fb593c3f2120e671e3554

  • SHA256

    a8d098bc3e81972117153c550893775dc3d7f96f947f536037c7ccac0ed74389

  • SHA512

    61357bcf3f504bd6e7ee425100b1ea1c9e0a22b56bf39f2f64b115d3f6e5ce6474c91dd2e407b1a2fa14fc9d555d9b030f73fce143364d226b31c834ce1a8182

  • SSDEEP

    98304:yi67Sb+ci/PGAtaxHYIBME1/jluRlNHPMQ+ep8jjxYcIHomwMwWALlYrxQSZwb:yx7nn/PGAta5YIB5RMfvAep8jjeVoD7Z

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\493c226a16351fb5398ef0473965b872_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\493c226a16351fb5398ef0473965b872_JaffaCakes118.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c color b
      2⤵
        PID:2684
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c cls
        2⤵
          PID:2752
      • C:\Windows\system32\verclsid.exe
        "C:\Windows\system32\verclsid.exe" /S /C {7007ACC7-3202-11D1-AAD2-00805FC1270E} /I {000214E6-0000-0000-C000-000000000046} /X 0x401
        1⤵
          PID:2532

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/3016-10-0x0000000140000000-0x00000001408B6000-memory.dmp

          Filesize

          8.7MB

          Download

        • memory/3016-16-0x0000000140000000-0x00000001408B6000-memory.dmp

          Filesize

          8.7MB

          Download

        • memory/3016-11-0x00000001400AF000-0x00000001403BF000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/3016-9-0x00000000772C0000-0x00000000772C2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3016-7-0x00000000772C0000-0x00000000772C2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3016-5-0x00000000772C0000-0x00000000772C2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3016-4-0x00000000772B0000-0x00000000772B2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3016-2-0x00000000772B0000-0x00000000772B2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3016-0-0x00000000772B0000-0x00000000772B2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3016-17-0x00000000001F0000-0x00000000001F1000-memory.dmp

          Filesize

          4KB

          Download