Overview

overview

5

Static

static

3

19498c2ac1...18.exe

windows7-x64

5

19498c2ac1...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    87s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-06-2024 07:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    19498c2ac131974051d7adac28ceeeaa_JaffaCakes118.exe

  • Size

    214KB

  • MD5

    19498c2ac131974051d7adac28ceeeaa

  • SHA1

    3995e94a52a2a9919cef11cb1da633ea231b2b47

  • SHA256

    d5e4f9c0196feaa30993f496762e74608b709010f596657b74dad2c1370d2fe6

  • SHA512

    6685b532406ddd600d63a2a30f2d6fc10f0b751301575cc90f9dc8f080741a7d84e23fdea2adb9c26925849055041f1c1501590dbefbb82a888a92a38be8dfd3

  • SSDEEP

    3072:CgigP++ktLLS8ZsPWPD42Dc6gorR/+duY4M93pTN1xEKSu1/hg9Stx2bCNqvpk:8Yuk2CEY94M5fuKSygs2bCNq+

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 15 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\19498c2ac131974051d7adac28ceeeaa_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\19498c2ac131974051d7adac28ceeeaa_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3112
    • C:\Users\Admin\AppData\Local\Temp\19498c2ac131974051d7adac28ceeeaa_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\19498c2ac131974051d7adac28ceeeaa_JaffaCakes118.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2796
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3212
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4832
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4832 CREDAT:17410 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of SetWindowsHookEx
            PID:3412

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2796-2-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2796-4-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2796-5-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2796-6-0x0000000002720000-0x000000000276F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2796-10-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/3112-0-0x00000000004A0000-0x00000000004A8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3112-1-0x00000000004A0000-0x00000000004A8000-memory.dmp

    Filesize

    32KB

    Download