Overview

overview

7

Static

static

3

42909ecd1b...18.exe

windows7-x64

7

42909ecd1b...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    141s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    13-07-2024 16:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    42909ecd1b02a8148b674cb3cda0e1d8_JaffaCakes118.exe

  • Size

    744KB

  • MD5

    42909ecd1b02a8148b674cb3cda0e1d8

  • SHA1

    93acdee408c22b6fa084dd20ae5ac3e49896f00f

  • SHA256

    02c02127959dd33e5a7dc1b8cfb531a2a899c98b5827aebc2e781ebd4a769eb9

  • SHA512

    9cb5e0bcebbb09724f7a8bb55a518ca39be9231a11c500aa8833dcb11f3c2ae24b8a9f792799b7afaa171b921cb80227d00f137bcf5aabc5575c4d3b9d5e26d4

  • SSDEEP

    12288:ygFAzQma3+4TTNMXOHI0isimUrASf3lAsh5zk8ttKJaSfGH1NmzhA0xvH4APbe6Y:jAzQ2BLgaV8+0TPy6ywtcek7/N

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\42909ecd1b02a8148b674cb3cda0e1d8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\42909ecd1b02a8148b674cb3cda0e1d8_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2528
  • C:\Windows\boots.exe
    C:\Windows\boots.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2676
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:2080

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\boots.exe
      Filesize

      744KB

      MD5

      42909ecd1b02a8148b674cb3cda0e1d8

      SHA1

      93acdee408c22b6fa084dd20ae5ac3e49896f00f

      SHA256

      02c02127959dd33e5a7dc1b8cfb531a2a899c98b5827aebc2e781ebd4a769eb9

      SHA512

      9cb5e0bcebbb09724f7a8bb55a518ca39be9231a11c500aa8833dcb11f3c2ae24b8a9f792799b7afaa171b921cb80227d00f137bcf5aabc5575c4d3b9d5e26d4

      Download Submit

    • memory/2528-0-0x0000000000400000-0x00000000004C3006-memory.dmp

      Filesize

      780KB

      Download

    • memory/2528-3-0x0000000000260000-0x0000000000261000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2528-8-0x0000000000400000-0x00000000004C3006-memory.dmp

      Filesize

      780KB

      Download

    • memory/2676-5-0x0000000000400000-0x00000000004C3006-memory.dmp

      Filesize

      780KB

      Download

    • memory/2676-9-0x00000000002E0000-0x00000000002E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2676-10-0x0000000000400000-0x00000000004C3006-memory.dmp

      Filesize

      780KB

      Download

    • memory/2676-12-0x00000000002E0000-0x00000000002E1000-memory.dmp

      Filesize

      4KB

      Download