Analysis

  • max time kernel
    133s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/06/2024, 13:00

General

  • Target

    16182880634e9289af007508dfd85740_JaffaCakes118.exe

  • Size

    155KB

  • MD5

    16182880634e9289af007508dfd85740

  • SHA1

    dc71b2c133802dee2221d48b8a63e23533d37017

  • SHA256

    7d38ad8da0478c19153ec737aa72ff7a6a27e00355c4ea220a5f386484e6d3b8

  • SHA512

    54e888ea70af5ef8a9306011a8a3a7fe21f3cfe69c06b8344c2588526feeb825a9f3833536986f8a17cc84c3ba9a084e89ad67cab00fc08f64a7c47619a4a08d

  • SSDEEP

    3072:ZQZ90x4MNh/oqG5O7Lo+GlxLJqDdtHxk+KC:ZQZ9lMjAqGcxGfKzxkU

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16182880634e9289af007508dfd85740_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\16182880634e9289af007508dfd85740_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:648
    • C:\Users\Admin\AppData\Local\Temp\16182880634e9289af007508dfd85740_JaffaCakes118.TMP0.EXE
      "C:\Users\Admin\AppData\Local\Temp\16182880634e9289af007508dfd85740_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      PID:2300
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 252
        3⤵
        • Program crash
        PID:2220
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2300 -ip 2300
    1⤵
    PID:1160

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\16182880634e9289af007508dfd85740_JaffaCakes118.TMP0.EXE

    Filesize

    27KB

    MD5

    54bac76b2ba7144684efdd116237934d

    SHA1

    a722e47af841fea7f16c3b9613028aa37317f7b1

    SHA256

    dfdbbbaed73bead58b0c3eeb6a2947c1b66c7013d87b99b1b0bda964d61c6faa

    SHA512

    c5f145519dd451faf9478523d8cc9e94907673684fe1df8444e3295ed5dcc185594d6030f2ad3d17281035a4f0a9826afa068e70bd5a0bc4eadb21f403dc8182

  • C:\Users\Admin\AppData\Local\Temp\Arm5738.tmp

    Filesize

    104KB

    MD5

    59d397b82b8c065871a35cc869730e46

    SHA1

    30d67887eceb670d81d76f1c94d49cf9d996ae9d

    SHA256

    60c81fdb44869ea2d8b92ce62b43fa7c3c6863989b11862ddbdd0dd0d0adf509

    SHA512

    bfa3e3b793457e6330e5c5af90b3ef6b07f6ec044c12e7048117cdf884129f2b2c479f5e1abae2ea3209a5ce7a2195ae6327334bb6ba2cc84b146e0cc2f15763