Analysis

  • max time kernel
    120s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25/05/2024, 22:17

General

  • Target

    736cd82770ad44fb456c06a0bc824ba0_JaffaCakes118.exe

  • Size

    104KB

  • MD5

    736cd82770ad44fb456c06a0bc824ba0

  • SHA1

    3dbbaa5d853ae90e589c307fd7b957df5c79190d

  • SHA256

    26971e412bfcc4a031f61a8563b0d537323bb136f19f44f782f1b400544dc167

  • SHA512

    0ca651606b78a86e71db928a9498d22653b77b66677a655ff1571864789b31b03a835437f03e5b590b3fb41a24d5266c41784628d403b15536d25f501230f97a

  • SSDEEP

    3072:OFzE1IgJNaQMOJRGlk9GCBTjz8PQ/92ZFE7ZnhfrhZ+J2ZE4aJPho6r:OFwhNaQMOJRGlk9GCBTjz84/92vElhz8

Score
10/10

Malware Config

Signatures

  • Windows security bypass 2 TTPs 1 IoCs
  • Windows security modification 2 TTPs 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\736cd82770ad44fb456c06a0bc824ba0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\736cd82770ad44fb456c06a0bc824ba0_JaffaCakes118.exe"
    1⤵
    • Windows security bypass
    • Windows security modification
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 292
      2⤵
      • Program crash
      PID:2356

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads