8e4aac045001ae75f9f2decf1d17ae627d53882a11fcac79ac31f882fe120fce

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 12:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15fdc94f47263fc0ed38a2e1d041d1c2_JaffaCakes118.exe
Size

60KB
MD5

15fdc94f47263fc0ed38a2e1d041d1c2
SHA1

11b386670bf7b205884af38022ec7342cdedd003
SHA256

8e4aac045001ae75f9f2decf1d17ae627d53882a11fcac79ac31f882fe120fce
SHA512

c7d303876a4e5f29c4cc6b7282cf5ec814ae379d9e5a0f2817db9cd46ac491d89efa10b97cbb2edef3233c8b0012321153aebd9afd988a616881dddb218d4e1a
SSDEEP

1536:SRoqnQYwMnV7MdoWuNXDoCgoFliP4aL3Wb5g6:SRXbwugdoxTQciP4aL3WFg6

Score

7^/10

persistence

Malware Config

Signatures

Boot or Logon Autostart Execution: Print Processors 1 TTPs 1 IoCs

Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.

persistence

Print Processors

T1547.012

description	ioc	Process
File opened for modification	C:\Windows\system32\spool\PRTPROCS\x64\2868.tmp	15fdc94f47263fc0ed38a2e1d041d1c2_JaffaCakes118.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\spool\PRTPROCS\x64\2868.tmp	15fdc94f47263fc0ed38a2e1d041d1c2_JaffaCakes118.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2004	15fdc94f47263fc0ed38a2e1d041d1c2_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeLoadDriverPrivilege	2004	15fdc94f47263fc0ed38a2e1d041d1c2_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\15fdc94f47263fc0ed38a2e1d041d1c2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\15fdc94f47263fc0ed38a2e1d041d1c2_JaffaCakes118.exe"
1⤵
- Boot or Logon Autostart Execution: Print Processors
- Drops file in System32 directory
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
PID:2004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Print Processors

T1547.012

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Print Processors

T1547.012

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2004-0-0x0000000000411000-0x000000000041F000-memory.dmp

Filesize
56KB

Download
memory/2004-4-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2004-6-0x0000000000411000-0x000000000041F000-memory.dmp

Filesize
56KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads