Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/06/2024, 10:40

General

  • Target: 15b08d5b27246906f30a96005933afde_JaffaCakes118.exe
  • Size: 7.6MB
  • MD5: 15b08d5b27246906f30a96005933afde
  • SHA1: 0d48ef48ac98ea6f5bf658efeaacc140fb3ae34e
  • SHA256: ef76ed7624f7d3322113b03c68c5a4962e51a94106c0fc92a60b3307be63b0ed
  • SHA512: 19198edceefd2f9e8cc84d26e845618dc4d15bd27959771efe983eaedcf4e9ca86feba8b0b30b7fd166b601897f08eb3b3893f2fe9fb103650a60769899aa753
  • SSDEEP: 196608:UX6NJCAdDgClPrzuJ6Dx0jyiNgifBtUnIhuTbyYDJfqFtev:UKLCAtgClzKIuae361TbyYtqFt2

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (2 IoCs)
  • Drops file in Windows directory (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (4 IoCs)
  • Suspicious use of SetWindowsHookEx (3 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\15b08d5b27246906f30a96005933afde_JaffaCakes118.exe (PID 4348, level 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\15b08d5b27246906f30a96005933afde_JaffaCakes118.exe"
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
  • C:\Windows\servbrow.exe (PID 3916, level 1)
    Command line: "C:\Windows\servbrow.exe" /Service
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Windows\servbrow.exe (PID 1768, level 2, child of PID 3916)
      Command line: "C:\Windows\servbrow.exe" /Popup
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1624, level 1)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4172,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=4584 /prefetch:8
    (no signatures triggered)
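The process tree above (a Temp-resident sample writing servbrow.exe into C:\Windows, which then runs as "/Service" and spawns a "/Popup" child) is the pattern a detection engineer would want to catch on a live host. The following is an added example, not part of the sandbox report or of any detection product: it replays constructed process-create and file-create events modelled loosely on Sysmon event IDs 1 and 11 (the field names are an assumption, not an exact product schema) and flags the drop-then-execute chain, plus any hash matching the SHA256 values the report lists for the sample and for the dropped servbrow.exe.

```python
"""Triage the drop-into-C:\\Windows, then execute-from-there chain seen in the report.

Added example; the Event schema and the sample events are constructed for
illustration and are not a real log export.
"""
from dataclasses import dataclass

# SHA256 values copied from the report (original sample, dropped servbrow.exe).
KNOWN_SHA256 = {
    "ef76ed7624f7d3322113b03c68c5a4962e51a94106c0fc92a60b3307be63b0ed":
        "15b08d5b27246906f30a96005933afde_JaffaCakes118.exe",
    "c142317322a587dff1877be32a4cc7b366cf0f4651d8ae946c8529d15082a7ac":
        "C:\\Windows\\servbrow.exe",
}

PROTECTED_DIR = "c:\\windows\\"                 # writes here need elevation
STAGING_MARKER = "\\appdata\\local\\temp\\"     # where the sample ran from


@dataclass
class Event:
    """Minimal event record; event_id 1 = process create, 11 = file create (assumed numbering)."""
    event_id: int
    pid: int
    image: str
    command_line: str = ""
    target_filename: str = ""
    sha256: str = ""


def _norm(path: str) -> str:
    return path.lower()


def is_protected(path: str) -> bool:
    return _norm(path).startswith(PROTECTED_DIR)


def from_staging(path: str) -> bool:
    return STAGING_MARKER in _norm(path)


def triage(events):
    """Return human-readable findings for hash hits and the drop-then-execute chain."""
    findings = []
    dropped = {}  # normalised path of a file dropped into C:\Windows -> dropper pid
    for ev in events:
        h = ev.sha256.lower()
        if h and h in KNOWN_SHA256:
            findings.append(f"known IoC hash on {ev.image} ({KNOWN_SHA256[h]}) pid {ev.pid}")
        # A process living in %TEMP% writing an executable into C:\Windows.
        if ev.event_id == 11 and is_protected(ev.target_filename) and from_staging(ev.image):
            dropped[_norm(ev.target_filename)] = ev.pid
            findings.append(f"file dropped into Windows directory: {ev.target_filename} by pid {ev.pid}")
        # That dropped file later starting as a process (any command line, e.g. /Service, /Popup).
        if ev.event_id == 1 and _norm(ev.image) in dropped:
            findings.append(f"dropped file executed: {ev.command_line} (pid {ev.pid}, dropper pid {dropped[_norm(ev.image)]})")
    return findings


# Constructed events mirroring the report's tree; PIDs and paths are the reported ones,
# the ordering and the file-create event are assumed.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\15b08d5b27246906f30a96005933afde_JaffaCakes118.exe"
SAMPLE_EVENTS = [
    Event(1, 4348, SAMPLE, command_line=f'"{SAMPLE}"',
          sha256="ef76ed7624f7d3322113b03c68c5a4962e51a94106c0fc92a60b3307be63b0ed"),
    Event(11, 4348, SAMPLE, target_filename=r"C:\Windows\servbrow.exe"),
    Event(1, 3916, r"C:\Windows\servbrow.exe", command_line=r'"C:\Windows\servbrow.exe" /Service',
          sha256="c142317322a587dff1877be32a4cc7b366cf0f4651d8ae946c8529d15082a7ac"),
    Event(1, 1768, r"C:\Windows\servbrow.exe", command_line=r'"C:\Windows\servbrow.exe" /Popup',
          sha256="c142317322a587dff1877be32a4cc7b366cf0f4651d8ae946c8529d15082a7ac"),
    # Sandbox noise from the report; must not be flagged.
    Event(1, 1624, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
          command_line=r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility'),
]


def run_sample():
    return triage(SAMPLE_EVENTS)


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

The hash check alone would miss a rebuilt servbrow.exe (note that the dropped file is the same 7.6MB as the sample but has different hashes, so hash matching is already fragile here); the drop-into-C:\Windows followed by execution-from-there rule is the more durable signal, and it only fires when the writer runs from %TEMP%, which keeps legitimate installers running from elsewhere out of the result.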

Downloads

  • C:\Windows\servbrow.exe
    • Filesize: 7.6MB
    • MD5: ac32bbf506c03245e0c957c1e09b6f3f
    • SHA1: 293593683f23f441058922b9401b6b2c8e158258
    • SHA256: c142317322a587dff1877be32a4cc7b366cf0f4651d8ae946c8529d15082a7ac
    • SHA512: 67e847203f794ecfb29b5fc52c11a668547d1c9f2c0a2021da57c1f1bdd757e962fab515a073f4f1d20102c4e78735ff8fee0144f2e9fdfb9fadd724f1a188c3