Overview

overview

10

Static

static

3

5fb1e03a45...18.exe

windows7-x64

10

5fb1e03a45...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    20/07/2024, 08:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5fb1e03a456afef95e649623e011eb99_JaffaCakes118.exe

  • Size

    48KB

  • MD5

    5fb1e03a456afef95e649623e011eb99

  • SHA1

    6c50657c79ae3ff21b74159b80d0b59c3fb1c7a5

  • SHA256

    f4f05ce1865852ba161630b375592e7727c6526c8d1d4f8991780de2c7ea3721

  • SHA512

    7585e4dd5f0edc67c8d3f23f51851efd0b9a4ba15267ed69e9a55f19cfd603a4e9a24f25c15ac7bd7ec20194b0620e512c9837ffd7be3ae4b76bbc4ffe52504f

  • SSDEEP

    768:du72Nz94atJCpPpSp/duSdq935uj/ZNyDgef0CphpOxiFcW3SzNKdIDN9QERUKSl:Y2zsy9duSgbl1hrSRZNG6UKSfpD

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5fb1e03a456afef95e649623e011eb99_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\5fb1e03a456afef95e649623e011eb99_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2064

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2064-0-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2064-1-0x0000000000411000-0x0000000000413000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2064-5-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2064-2-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2064-8-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2064-10-0x0000000000411000-0x0000000000413000-memory.dmp

    Filesize

    8KB

    Download