Overview

overview

8

Static

static

3

5c3294eb5b...18.exe

windows7-x64

5c3294eb5b...18.exe

windows10-2004-x64

Analysis

  • max time kernel
    6s
  • max time network
    7s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    19/07/2024, 13:46

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    5c3294eb5b7f2550d4d4856c0db8b953_JaffaCakes118.exe

  • Size

    96KB

  • MD5

    5c3294eb5b7f2550d4d4856c0db8b953

  • SHA1

    cbc7528a6698a3f4802b30adddcdb7023d12469a

  • SHA256

    4fb178d059c5fd21e411d24dc62891808e11ff580b854da96686fdd518e408b3

  • SHA512

    b61ea2428d0812882be53070ba29723250cf6e9b3c4a944d168048a70a6d8c168463fd7d8de5440dd7f0d063ddfbae387831a4944b8993feed3772cf06fe7486

  • SSDEEP

    1536:LVmY7L5yY872SWgRTNkFJZNkvHt63GfI/OiXAbhWLdQ75QdzugsJ+oLZmeO/T:pm2dt879RTK7ZNImIiXAbQL2aEgm+oL2

Score
8/10
persistenceprivilege_escalation

Malware Config

Signatures

  • Event Triggered Execution: AppInit DLLs 1 TTPs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

    persistenceprivilege_escalation
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c3294eb5b7f2550d4d4856c0db8b953_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5c3294eb5b7f2550d4d4856c0db8b953_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2520
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:1976
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:2728

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1976-5-0x0000000002D90000-0x0000000002D91000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2520-0-0x0000000000400000-0x0000000000419000-memory.dmp

        Filesize

        100KB

        Download

      • memory/2520-3-0x0000000000400000-0x0000000000419000-memory.dmp

        Filesize

        100KB

        Download

      • memory/2520-2-0x0000000000401000-0x0000000000402000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-6-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

        Filesize

        4KB

        Download