Overview

overview

10

Static

static

3

29de77a34e...18.exe

windows7-x64

10

29de77a34e...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/07/2024, 08:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    29de77a34ed69c72875dbd22abea14b3_JaffaCakes118.exe

  • Size

    126KB

  • MD5

    29de77a34ed69c72875dbd22abea14b3

  • SHA1

    3b307453b237ab2ea33f8e8f16cfc555ead1462d

  • SHA256

    c34e1e7871997e41fab1d9778077f81db0736e7e5e970df894c994b51d90fda7

  • SHA512

    34d5c2e304cbbfeeb098711240c523af4ad9dccf86f1b2d9853bb5058fd8488740f2db8102afcfc149dfcc61f747d98b2a3eb1fa609ee93e65862f0ea32e8c00

  • SSDEEP

    3072:IkwMEwzVzlLrNYXTKCulwqeYoRp1TJHH0zdc4BVb:OMEO3CXTKCuKN1V+Rf

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    5a6sd4a4g98r4g4a96s448asdas465e4w9f4w948fwe84fasafe56484rg

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\29de77a34ed69c72875dbd22abea14b3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\29de77a34ed69c72875dbd22abea14b3_JaffaCakes118.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:744
    • C:\Windows\SysWOW64\cmd.exe
      "cmd.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4064
      • C:\Users\Admin\AppData\Local\Temp\tmp299.exe
        C:\Users\Admin\AppData\Local\Temp\tmp299.exe
        3⤵
        • Executes dropped EXE
        PID:3232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmp299.exe
    Filesize

    98KB

    MD5

    5a908451010d115072e1748d263f01ce

    SHA1

    20bcd0ca1597be7298596384aba05f8bbead053c

    SHA256

    e601e5210e950f2d1afebfe5d81dc6ce9d5c043fccba2a3d8aae19f0af353ee2

    SHA512

    9b0cfc67f1abdc35f4bc3d4279a815b7a9a3a6e4fb238ee18385b48f01af414ae70014f13f091d1c6633f87e03d4a0d8bab3f5c07246e38b60c05f3bf007283b

    Download Submit

  • memory/744-0-0x0000000074672000-0x0000000074673000-memory.dmp

    Filesize

    4KB

    Download

  • memory/744-1-0x0000000074670000-0x0000000074C21000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/744-2-0x0000000074670000-0x0000000074C21000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/744-3-0x0000000074670000-0x0000000074C21000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/744-8-0x0000000074672000-0x0000000074673000-memory.dmp

    Filesize

    4KB

    Download

  • memory/744-9-0x0000000074670000-0x0000000074C21000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/744-10-0x0000000074670000-0x0000000074C21000-memory.dmp

    Filesize

    5.7MB

    Download