Analysis

  • max time kernel
    51s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/06/2024, 19:51

General

  • Target

    0037e6a19615042a839cd74276d41a49_JaffaCakes118.exe

  • Size

    2.0MB

  • MD5

    0037e6a19615042a839cd74276d41a49

  • SHA1

    a1ab6f041f4a571e97700cad4df821cfee5d1c20

  • SHA256

    f08ba16e236abc7938ec12150bb9408cccb4aadd3d23cccab641d2cab738631a

  • SHA512

    28686846a11368da1905ffa172ed93bceb13e40767bb384f98c0612709c7c4bd9ab61ab2fad3cf7a1187e9eed161eb3823dd19e3f8c8a37c47f08aa0d5ff083f

  • SSDEEP

    1536:I/EvU6Z7YXsixucgwfBuWWWGr7OQvOs+a5HvjkcEJuHv:AEvU6a4pWz8jTxWuP

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0037e6a19615042a839cd74276d41a49_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0037e6a19615042a839cd74276d41a49_JaffaCakes118.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1472

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1472-0-0x00007FF9A83E5000-0x00007FF9A83E6000-memory.dmp

    Filesize

    4KB

  • memory/1472-1-0x00007FF9A8130000-0x00007FF9A8AD1000-memory.dmp

    Filesize

    9.6MB

  • memory/1472-2-0x000000001BE50000-0x000000001C31E000-memory.dmp

    Filesize

    4.8MB

  • memory/1472-4-0x00007FF9A8130000-0x00007FF9A8AD1000-memory.dmp

    Filesize

    9.6MB

  • memory/1472-5-0x00007FF9A8130000-0x00007FF9A8AD1000-memory.dmp

    Filesize

    9.6MB