Overview

overview

7

Static

static

3

1a7e80d872...18.exe

windows7-x64

7

1a7e80d872...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    01/07/2024, 07:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1a7e80d8729d8830462215b0f1bbcb09_JaffaCakes118.exe

  • Size

    17KB

  • MD5

    1a7e80d8729d8830462215b0f1bbcb09

  • SHA1

    d073a779187acdac50d074e504d6a8659e9f79d2

  • SHA256

    6cdc62de183e957b9048f9e810d5c3c2e38d99ba9c8c95ccb01cc6f4e6ef63cf

  • SHA512

    2f0ba54b6a1d33070427e128dffeba9240e99f3d127c70b16f45812a8245f8234cacd9834959514f4ace66fe1f9aac9b3955ba1efeb82f4d6a2b710a37e11d1c

  • SSDEEP

    192:dDUjPSbN1UbfTJaJYjcGhkHg2IlRq4fdhRquXvnr5TI0U5hahin6e9eAQTICtMp3:WPIuTTJxjcGhUazquX/1bUiUn6ICtM9

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 58 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a7e80d8729d8830462215b0f1bbcb09_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1a7e80d8729d8830462215b0f1bbcb09_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\tdll.dll
    Filesize

    27KB

    MD5

    7427c462cbbf223f6ace82c3c5c33e37

    SHA1

    136c0717cb7c13c720c1973406c54b40a5a13e7d

    SHA256

    953bb1887876a11bffb4d307e7f674300afe5875d4a4c8d2546e123ca1ebbd94

    SHA512

    e053193487ffc6cbf3fcf58ed8a3add9329a052a09a4f98c55723696b34cfb5684d5a8d1af23329fa44b9961f6efda1cc93ac0d6abc0ed476ae38e0becd22308

    Download Submit

  • \Windows\SysWOW64\webvw32.dll
    Filesize

    5KB

    MD5

    d39a293c5853a18495fc3a837c355c28

    SHA1

    aef2de58de7ea4b0deb661d53309993eb8d96bd3

    SHA256

    b0774e9eec725e80e39670444606c50ae6e70279bbe850307cac842bffb25711

    SHA512

    61e209385f80ded79877fb73f3b41ed02cc945ed4c74a11be9516637d6ca1be03e197eb108bd44186a42cf3db48beb47e8213b509a51bd6a93bcb0c3ddb3cc6f

    Download Submit

  • memory/1224-8-0x0000000000020000-0x0000000000029000-memory.dmp

    Filesize

    36KB

    Download

  • memory/1224-7-0x0000000010000000-0x0000000010004000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1224-9-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download