Overview

overview

8

Static

static

3

0073a6f1ef...18.exe

windows7-x64

0073a6f1ef...18.exe

windows10-2004-x64

Analysis

  • max time kernel
    6s
  • max time network
    6s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    19/06/2024, 20:54

Sharing

Copy URL Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    0073a6f1ef7c1059784a47489062e8ed_JaffaCakes118.exe

  • Size

    124KB

  • MD5

    0073a6f1ef7c1059784a47489062e8ed

  • SHA1

    20d11d0c23a58695e8f8f00546efa1f3d22b059a

  • SHA256

    0a1811fb84e6e39fab5e1c043dfdfe1dff64f60298d96b2f8f8f38d000f02d90

  • SHA512

    47688172eebb6ba0eabc1c67165979fd5e317888438002ab83ba615beeeb9eeff37325cb9418a4638d517f59ec94c12c416cc020f87389bd8f3d7fef8beadf73

  • SSDEEP

    1536:6wLHnG0Y17nB5i2Bv3TDxu5H4E2h8uplliLFcHo5A4PXHuAkl5zCH:6wLHnWTB5i43sN4EyfiLiHo5LWAE5zY

Score
8/10
persistenceprivilege_escalation

Malware Config

Signatures

  • Event Triggered Execution: AppInit DLLs 1 TTPs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    persistenceprivilege_escalation
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0073a6f1ef7c1059784a47489062e8ed_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0073a6f1ef7c1059784a47489062e8ed_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2116
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:2960
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:2404

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/2116-0-0x0000000001001000-0x0000000001002000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2116-1-0x0000000001000000-0x0000000001020000-memory.dmp

              Filesize

              128KB

              Download

            • memory/2116-2-0x0000000001000000-0x0000000001020000-memory.dmp

              Filesize

              128KB

              Download

            • memory/2404-6-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2960-5-0x0000000002E10000-0x0000000002E11000-memory.dmp

              Filesize

              4KB

              Download