Overview

overview

7

Static

static

3

adb0f8767b...18.exe

windows7-x64

7

adb0f8767b...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-06-2024 09:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    adb0f8767bea7ac9d205e62186430607_JaffaCakes118.exe

  • Size

    454KB

  • MD5

    adb0f8767bea7ac9d205e62186430607

  • SHA1

    0348576acf0c5b280cc201c6458157ae16d41307

  • SHA256

    5022d40ad46ed72094cdc31662452b47e26a4f19edcc290cff448d3546de5d41

  • SHA512

    97d7b2069ee89504dd31b8cc556d7f2c87b6cce1834beaac52949c2063259d9880e2e0e228127cbe241a09e0f2b266a3c68345038b395b22c16a8c131d14cd9e

  • SSDEEP

    6144:vvaqS4IR/kviXzd4N6qJFldlibYOlU/glqmOgDVL5ul94BhunZQpLzms7VFPYYK:y/kviXzdyGYr/eDVL5ul2unZatC

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\adb0f8767bea7ac9d205e62186430607_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\adb0f8767bea7ac9d205e62186430607_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1168
    • C:\Users\Admin\AppData\Local\Temp\qfjesjluewfgfyu.exe
      "C:\Users\Admin\AppData\Local\Temp\\qfjesjluewfgfyu.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2968
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3792,i,14221647728265121051,6840906015709541562,262144 --variations-seed-version --mojo-platform-channel-handle=3748 /prefetch:8
    1⤵
      PID:1412

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\parent.txt
      Filesize

      454KB

      MD5

      adb0f8767bea7ac9d205e62186430607

      SHA1

      0348576acf0c5b280cc201c6458157ae16d41307

      SHA256

      5022d40ad46ed72094cdc31662452b47e26a4f19edcc290cff448d3546de5d41

      SHA512

      97d7b2069ee89504dd31b8cc556d7f2c87b6cce1834beaac52949c2063259d9880e2e0e228127cbe241a09e0f2b266a3c68345038b395b22c16a8c131d14cd9e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\qfjesjluewfgfyu.exe
      Filesize

      11KB

      MD5

      9a7e17351f0e74570b387600922e59e0

      SHA1

      017bf40ae2cb8321ee9825e3b93339fd41a148da

      SHA256

      44b9e76377582e04cc2fdc0c6b922634bcda5f9304419ddeac2833610249cc6c

      SHA512

      bb0bef29d7b60307bf77a81a358d55a7483b1fa81ed3e9453898b1d7629bd1ecab7ec92c505d6522f887549b4604edcdc8a5547b21f66b5c46b84169522f3ba3

      Download Submit

    • memory/2968-10-0x0000000001220000-0x0000000001228000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2968-13-0x00007FFF433A0000-0x00007FFF43D41000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2968-5-0x000000001B7D0000-0x000000001B814000-memory.dmp

      Filesize

      272KB

      Download

    • memory/2968-6-0x000000001BCE0000-0x000000001C1AE000-memory.dmp

      Filesize

      4.8MB

      Download

    • memory/2968-3-0x00007FFF433A0000-0x00007FFF43D41000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2968-7-0x000000001C250000-0x000000001C2EC000-memory.dmp

      Filesize

      624KB

      Download

    • memory/2968-2-0x00007FFF43655000-0x00007FFF43656000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2968-11-0x00007FFF433A0000-0x00007FFF43D41000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2968-12-0x00007FFF433A0000-0x00007FFF43D41000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2968-4-0x00007FFF433A0000-0x00007FFF43D41000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2968-14-0x000000001F9F0000-0x000000001FA52000-memory.dmp

      Filesize

      392KB

      Download

    • memory/2968-17-0x00007FFF43655000-0x00007FFF43656000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2968-18-0x00007FFF433A0000-0x00007FFF43D41000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2968-19-0x00007FFF433A0000-0x00007FFF43D41000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2968-28-0x0000000022390000-0x0000000022B36000-memory.dmp

      Filesize

      7.6MB

      Download

    • memory/2968-29-0x00000000209C0000-0x0000000020E77000-memory.dmp

      Filesize

      4.7MB

      Download

    • memory/2968-30-0x00007FFF433A0000-0x00007FFF43D41000-memory.dmp

      Filesize

      9.6MB

      Download