Overview

overview

7

Static

static

3

2c0370397e...18.exe

windows7-x64

7

2c0370397e...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/07/2024, 10:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2c0370397e49f1ef74ca634914eb7351_JaffaCakes118.exe

  • Size

    18KB

  • MD5

    2c0370397e49f1ef74ca634914eb7351

  • SHA1

    a2c6a4fe0fcb2aa82878795620fa6899fe7ca63e

  • SHA256

    5e44d95be66d013d0345e45414517a8176d391aa8df97383ecdada584b7c5083

  • SHA512

    98d9046db2cb55bd84e1767f1d505feff226c33c8f22050c2e70f4ca2b9fe185dac2ec0e6e683c64e4343d561fb3191803b4f2a9cde159092016584b5f897966

  • SSDEEP

    384:p3wARuYZu8YUVAuLewblEN9CN6VxKbLAz+0+uH9lA9:p3j4x8ppLeelE6ImYK0hHTA9

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3536
      • C:\Users\Admin\AppData\Local\Temp\2c0370397e49f1ef74ca634914eb7351_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\2c0370397e49f1ef74ca634914eb7351_JaffaCakes118.exe"
        2⤵
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3520
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2C0370~1.EXE > nul
          3⤵
            PID:4956
      • C:\Windows\SysWOW64\2c0370397e49f1ef74ca634914eb7351_JaffaCakes118.exe
        C:\Windows\SysWOW64\2c0370397e49f1ef74ca634914eb7351_JaffaCakes118.exe
        1⤵
        • Executes dropped EXE
        PID:1376

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Windows\SysWOW64\2c0370397e49f1ef74ca634914eb7351_JaffaCakes118.exe
              Filesize

              18KB

              MD5

              2c0370397e49f1ef74ca634914eb7351

              SHA1

              a2c6a4fe0fcb2aa82878795620fa6899fe7ca63e

              SHA256

              5e44d95be66d013d0345e45414517a8176d391aa8df97383ecdada584b7c5083

              SHA512

              98d9046db2cb55bd84e1767f1d505feff226c33c8f22050c2e70f4ca2b9fe185dac2ec0e6e683c64e4343d561fb3191803b4f2a9cde159092016584b5f897966

              Download Submit

            • memory/1376-6-0x0000000000400000-0x0000000000448000-memory.dmp

              Filesize

              288KB

              Download

            • memory/3520-0-0x0000000000400000-0x0000000000448000-memory.dmp

              Filesize

              288KB

              Download

            • memory/3520-5-0x0000000000400000-0x0000000000448000-memory.dmp

              Filesize

              288KB

              Download