Overview

overview

6

Static

static

3

30abfbd447...18.exe

windows7-x64

6

30abfbd447...18.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-07-2024 14:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    30abfbd4475c976f0e6e484461f314be_JaffaCakes118.exe

  • Size

    45KB

  • MD5

    30abfbd4475c976f0e6e484461f314be

  • SHA1

    a11dce3b0a04629363bf7be17360c16495b3df2d

  • SHA256

    1dacd5e462a1e32b2a89a176dbc6b7fd2417df1161350f93d859a724617f0644

  • SHA512

    e85b66373e7adc23bf401b5200aa654d8cbaffeb08a3dd000cf34ef00531eab5a0c09c6b3ac750da6246277fa4363fac4d30ce5517361581d0b7ae1da5a2d125

  • SSDEEP

    768:wkXBuuwtbH6WHAKI4jhWhStqX/zBgo1AdiQyDwlJlac7V3mCYj8TbxZ0D6qp/d4+:3NSb1K2MawC+IA

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\30abfbd4475c976f0e6e484461f314be_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\30abfbd4475c976f0e6e484461f314be_JaffaCakes118.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:1188

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1188-0-0x00007FF9B8285000-0x00007FF9B8286000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1188-1-0x000000001BA40000-0x000000001BAE6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/1188-2-0x00007FF9B7FD0000-0x00007FF9B8971000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1188-3-0x000000001C0A0000-0x000000001C56E000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/1188-4-0x000000001C620000-0x000000001C6BC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/1188-5-0x00007FF9B7FD0000-0x00007FF9B8971000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1188-6-0x000000001BB00000-0x000000001BB08000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1188-7-0x000000001C780000-0x000000001C7CC000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1188-8-0x00007FF9B7FD0000-0x00007FF9B8971000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1188-9-0x00007FF9B7FD0000-0x00007FF9B8971000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1188-10-0x00007FF9B7FD0000-0x00007FF9B8971000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1188-11-0x00007FF9B8285000-0x00007FF9B8286000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1188-12-0x00007FF9B7FD0000-0x00007FF9B8971000-memory.dmp

    Filesize

    9.6MB

    Download