Overview

overview

7

Static

static

3

506e4689c3...18.exe

windows7-x64

7

506e4689c3...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    129s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/05/2024, 16:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    506e4689c37480f75b9fefa86c4fbcb2_JaffaCakes118.exe

  • Size

    381KB

  • MD5

    506e4689c37480f75b9fefa86c4fbcb2

  • SHA1

    a9c2d58f611cd80df4280660241cc92170e2049a

  • SHA256

    1f333e2de2590a0d8990400991f4e4dc4f94ecfbee85d8ef69bf6a0d7bcea4a6

  • SHA512

    1c0fff39a5cb6c572156cd5c7850ec2c0c0a2f72f45f426a92ab59975f8c01dd5eada8abcc103d502a82f54142b6b67707a46ca3ea8dce76468858be6cdec386

  • SSDEEP

    6144:zf5g6CEAyz5eNueaoG9eFsAiWAWQbx4a5Tk/Yk5:zq6JXz5esb1IFNxf7aWv5

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\506e4689c37480f75b9fefa86c4fbcb2_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\506e4689c37480f75b9fefa86c4fbcb2_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1940

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\jki3EFD.tmp
          Filesize

          263KB

          MD5

          01eb38a98103445a310f6c535ac610c1

          SHA1

          2368c5303c22145c06c4fb21b5ba978cb8d45a8c

          SHA256

          14bb8b8f3cd9860d8ba610d1aa32448a09bb77e4677520973ce1a215d5517cc7

          SHA512

          58e4a0a2ebbf7feb572941e33bdb2e9d5f63737b1c2a5b2c0a6ab85925e43690007f64b074f8a17ee6525c7b892cbcb1cc2a63b1d76dc5aba5a5b873c8f1c16d

          Download Submit

        • memory/1940-9-0x0000000007A30000-0x0000000007A3A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1940-5-0x0000000005640000-0x0000000005686000-memory.dmp

          Filesize

          280KB

          Download

        • memory/1940-6-0x0000000074A80000-0x0000000075230000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1940-7-0x0000000007E30000-0x00000000083D4000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/1940-8-0x0000000007960000-0x00000000079F2000-memory.dmp

          Filesize

          584KB

          Download

        • memory/1940-1-0x0000000074A8E000-0x0000000074A8F000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1940-10-0x0000000074A80000-0x0000000075230000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1940-11-0x0000000074A80000-0x0000000075230000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1940-12-0x000000000ADE0000-0x000000000AE46000-memory.dmp

          Filesize

          408KB

          Download

        • memory/1940-13-0x0000000074A80000-0x0000000075230000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1940-22-0x0000000074A8E000-0x0000000074A8F000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1940-23-0x0000000074A80000-0x0000000075230000-memory.dmp

          Filesize

          7.7MB

          Download