Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    09-07-2024 02:11

General

  • Target

    2ea4fbfd593b93578a8c5f8090cb7f56_JaffaCakes118.exe

  • Size

    196KB

  • MD5

    2ea4fbfd593b93578a8c5f8090cb7f56

  • SHA1

    598b23f361bf353bc53d65d15fc62edf1509b4ae

  • SHA256

    d278576dd0eec2c7533c6b325aa97bea5bb12dec762fdfbfe40e4e73cb1bf798

  • SHA512

    a9108362f3999bf9b25bcea5a499973618eeaeb90db8afbac632acb711dc5f34c7f74b728aca020f054630e1a319711c351d7e3017b41fac686ee2a6e3aab8df

  • SSDEEP

    3072:dnSnalvOvtYzwnqSioDXxjuE9w2qbEUeZPorQ/4/46LKs9hmH:d0alvOvtgSiodjuYzqIvZ1/w46D/mH

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ea4fbfd593b93578a8c5f8090cb7f56_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2ea4fbfd593b93578a8c5f8090cb7f56_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3040
    • \??\c:\users\admin\appdata\local\gvbqtyglwe
      "C:\Users\Admin\AppData\Local\Temp\2ea4fbfd593b93578a8c5f8090cb7f56_JaffaCakes118.exe" a -sc:\users\admin\appdata\local\temp\2ea4fbfd593b93578a8c5f8090cb7f56_jaffacakes118.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2628
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k ???s????h
    1⤵
    PID:2672

Network

MITRE ATT&CK Matrix


Downloads

  • \Users\Admin\AppData\Local\gvbqtyglwe

    Filesize

    19.4MB

    MD5

    012fb80edc9bf55a711da67c96cbdcd2

    SHA1

    2c4c7eb6abeb0e3aabf3a102569b1df533708fa6

    SHA256

    e9b742bdb061b556427f554d81b55b15ca5a21be61f2e7b200eb70b437c5b2ed

    SHA512

    6c851603ab6008130d93aff10700d93aa539b05babbf6238568e77768d05c40103249b8ce67bd32f101f6616e176a872cc7db01652072f0dbcaf7602c55aac46