Malware Analysis Report

2024-11-13 13:35

Sample ID 240613-kvwn5awarr
Target a4ba0b047c544b3f8b091734b0903104_JaffaCakes118
SHA256 77d81471b3eba25cd90f986b1a5b509796b42d5089c06fe1d4df437e19b2e703
Tags
upx
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

77d81471b3eba25cd90f986b1a5b509796b42d5089c06fe1d4df437e19b2e703

Threat Level: Shows suspicious behavior

The file a4ba0b047c544b3f8b091734b0903104_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

upx

UPX packed file

Unsigned PE

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:55

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:55

Reported

2024-06-13 08:58

Platform

win7-20240611-en

Max time kernel

141s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\BlueSprite.Products.v1.0.Keygen.Only.READ.NFO-DI\Keygen.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\BlueSprite.Products.v1.0.Keygen.Only.READ.NFO-DI\Keygen.exe

"C:\Users\Admin\AppData\Local\Temp\BlueSprite.Products.v1.0.Keygen.Only.READ.NFO-DI\Keygen.exe"

Network

N/A

Files

memory/3004-0-0x0000000000400000-0x000000000047C000-memory.dmp

memory/3004-1-0x0000000000400000-0x000000000047C000-memory.dmp

memory/3004-2-0x0000000000400000-0x000000000047C000-memory.dmp

memory/3004-3-0x0000000000400000-0x000000000047C000-memory.dmp

memory/3004-4-0x0000000000400000-0x000000000047C000-memory.dmp

memory/3004-5-0x0000000000400000-0x000000000047C000-memory.dmp

memory/3004-6-0x0000000000400000-0x000000000047C000-memory.dmp

memory/3004-7-0x0000000000400000-0x000000000047C000-memory.dmp

memory/3004-8-0x0000000000400000-0x000000000047C000-memory.dmp

memory/3004-9-0x0000000000400000-0x000000000047C000-memory.dmp

memory/3004-10-0x0000000000400000-0x000000000047C000-memory.dmp

memory/3004-11-0x0000000000400000-0x000000000047C000-memory.dmp

memory/3004-12-0x0000000000400000-0x000000000047C000-memory.dmp

memory/3004-13-0x0000000000400000-0x000000000047C000-memory.dmp

memory/3004-14-0x0000000000400000-0x000000000047C000-memory.dmp

memory/3004-15-0x0000000000400000-0x000000000047C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:55

Reported

2024-06-13 08:58

Platform

win10v2004-20240508-en

Max time kernel

140s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\BlueSprite.Products.v1.0.Keygen.Only.READ.NFO-DI\Keygen.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Processes

C:\Users\Admin\AppData\Local\Temp\BlueSprite.Products.v1.0.Keygen.Only.READ.NFO-DI\Keygen.exe

"C:\Users\Admin\AppData\Local\Temp\BlueSprite.Products.v1.0.Keygen.Only.READ.NFO-DI\Keygen.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2fc 0x508

Network

Files

memory/4008-0-0x0000000000400000-0x000000000047C000-memory.dmp

memory/4008-1-0x0000000000400000-0x000000000047C000-memory.dmp

memory/4008-2-0x0000000000400000-0x000000000047C000-memory.dmp

memory/4008-3-0x0000000000400000-0x000000000047C000-memory.dmp

memory/4008-4-0x0000000000400000-0x000000000047C000-memory.dmp

memory/4008-5-0x0000000000400000-0x000000000047C000-memory.dmp

memory/4008-6-0x0000000000400000-0x000000000047C000-memory.dmp

memory/4008-7-0x0000000000400000-0x000000000047C000-memory.dmp

memory/4008-8-0x0000000000400000-0x000000000047C000-memory.dmp

memory/4008-9-0x0000000000400000-0x000000000047C000-memory.dmp

memory/4008-10-0x0000000000400000-0x000000000047C000-memory.dmp

memory/4008-11-0x0000000000400000-0x000000000047C000-memory.dmp

memory/4008-12-0x0000000000400000-0x000000000047C000-memory.dmp

memory/4008-13-0x0000000000400000-0x000000000047C000-memory.dmp

memory/4008-14-0x0000000000400000-0x000000000047C000-memory.dmp

memory/4008-15-0x0000000000400000-0x000000000047C000-memory.dmp