Overview

overview

8

Static

static

3

17e5eaa69d...18.exe

windows7-x64

17e5eaa69d...18.exe

windows10-2004-x64

Analysis

  • max time kernel
    6s
  • max time network
    9s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    27/06/2024, 23:15

Sharing

Copy URL Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    17e5eaa69db236272026867fbcea6017_JaffaCakes118.exe

  • Size

    79KB

  • MD5

    17e5eaa69db236272026867fbcea6017

  • SHA1

    0c6383574209581775af2ae5e05dfe1a1046fc55

  • SHA256

    69e07860758f204d55930b1ab6d451e8260769b579cf2bfa4d75576aac87054e

  • SHA512

    7041b5561cf8dfa75faa29a8ba9481da90fa2cdf94a2b02e136a48f99ed9c8cee7ff31fecdedf649a5124e88e75ef8846383045a4849422fb13a59736e3293c3

  • SSDEEP

    1536:641eLm5c1OW4eVLiUaR6H9Jd9pn140GOUBStMPPonJlIK:eIW4eVeUdxpn1rZASSPPonJlIK

Score
8/10
persistenceprivilege_escalation

Malware Config

Signatures

  • Event Triggered Execution: AppInit DLLs 1 TTPs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    persistenceprivilege_escalation
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\17e5eaa69db236272026867fbcea6017_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\17e5eaa69db236272026867fbcea6017_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1252
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:1968
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:2664

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1252-0-0x0000000001000000-0x0000000001016000-memory.dmp

              Filesize

              88KB

              Download

            • memory/1252-2-0x0000000001000000-0x0000000001016000-memory.dmp

              Filesize

              88KB

              Download

            • memory/1252-1-0x0000000001001000-0x0000000001002000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1968-5-0x0000000002D90000-0x0000000002D91000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2664-6-0x0000000002B30000-0x0000000002B31000-memory.dmp

              Filesize

              4KB

              Download