Overview

overview

7

Static

static

3

0652972a34...18.exe

windows7-x64

7

0652972a34...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    53s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/06/2024, 13:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0652972a34fbca3960cd25561de6eb8e_JaffaCakes118.exe

  • Size

    38KB

  • MD5

    0652972a34fbca3960cd25561de6eb8e

  • SHA1

    df747ad9771272db99e65def814c146825c1ea38

  • SHA256

    82d53405e067b3274a77d6b86c96dc2c54a3e9fc1b25d951b6f926e69e7e9e2b

  • SHA512

    83339f015ec318dc9f2bab4c031a61507f44c9ad089c44f9ef27903a3c56c962c953142751c248bb60a251d087cfe45a2b3ef8502bbb5568af7f5703f893059f

  • SSDEEP

    768:UvWoj+WFxiYqV7bKAQqstCHkFHkNgoGQSSpP2r9iUpJ6JLE2L8s0GmqXGl0/c8:1oj+Cx7qxjQbtJENgRQjP2r9BWxI+mqE

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0652972a34fbca3960cd25561de6eb8e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0652972a34fbca3960cd25561de6eb8e_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:4396
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x340 0x344
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\BASSMOD.dll
    Filesize

    9KB

    MD5

    32c869f491d1a146d0e3d29dff8f2311

    SHA1

    27894bd86c0e901711dec05894b4219171f19542

    SHA256

    42f92dbc7baf817703088e411970ac2b168b19c727839d93bc76adcf2a501ca7

    SHA512

    19938d016a4cd30fef59addf5880ea724c37fe64edc80b3602f2e536d0b40cef40db215894483d99579f41bc31b4c7d085b16e3f4142fd7a1fe2009d63704d16

    Download Submit

  • memory/4396-0-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/4396-1-0x00000000001D0000-0x00000000001D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4396-6-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/4396-8-0x00000000001D0000-0x00000000001D2000-memory.dmp

    Filesize

    8KB

    Download