Overview

overview

7

Static

static

3

61bba6f655...18.exe

windows7-x64

3

61bba6f655...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/07/2024, 22:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    61bba6f655506a5381cf05b47fb0696d_JaffaCakes118.exe

  • Size

    77KB

  • MD5

    61bba6f655506a5381cf05b47fb0696d

  • SHA1

    407dd4a0a90bfd54990b2f18fd6abd7dff2317c6

  • SHA256

    0b5b09c3fadce52585740deca06560df3f513622752ecea248b11ae787716ecf

  • SHA512

    889619ca1cd4f770ca36c5907d8f557ffa28537a2b4f93a3385db30f65660a9e4d3c33fddbcfc70243595f0ee55c6bc37e15f2c17f2d421992f29087c64f8844

  • SSDEEP

    1536:r3kNmBL8W1bsWhCrudtlbThYNAo/SSz2CdLascuONcz:Hh8m4WzTNT5Q2Clg+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\61bba6f655506a5381cf05b47fb0696d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\61bba6f655506a5381cf05b47fb0696d_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4976
  • C:\Windows\SysWOW64\CbEvtSvc.exe
    C:\Windows\SysWOW64\CbEvtSvc.exe -k netsvcs
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:2944

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\CbEvtSvc.exe
          Filesize

          77KB

          MD5

          61bba6f655506a5381cf05b47fb0696d

          SHA1

          407dd4a0a90bfd54990b2f18fd6abd7dff2317c6

          SHA256

          0b5b09c3fadce52585740deca06560df3f513622752ecea248b11ae787716ecf

          SHA512

          889619ca1cd4f770ca36c5907d8f557ffa28537a2b4f93a3385db30f65660a9e4d3c33fddbcfc70243595f0ee55c6bc37e15f2c17f2d421992f29087c64f8844

          Download Submit

        • memory/2944-7-0x0000000000400000-0x0000000000419000-memory.dmp

          Filesize

          100KB

          Download

        • memory/2944-9-0x0000000000400000-0x0000000000419000-memory.dmp

          Filesize

          100KB

          Download

        • memory/2944-12-0x0000000000400000-0x0000000000419000-memory.dmp

          Filesize

          100KB

          Download

        • memory/2944-18-0x0000000000400000-0x0000000000419000-memory.dmp

          Filesize

          100KB

          Download

        • memory/4976-0-0x0000000000400000-0x0000000000419000-memory.dmp

          Filesize

          100KB

          Download

        • memory/4976-1-0x0000000000400000-0x0000000000419000-memory.dmp

          Filesize

          100KB

          Download

        • memory/4976-2-0x00000000006C0000-0x00000000006D6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/4976-3-0x0000000000401000-0x000000000040F000-memory.dmp

          Filesize

          56KB

          Download

        • memory/4976-10-0x0000000000400000-0x0000000000419000-memory.dmp

          Filesize

          100KB

          Download

        • memory/4976-11-0x00000000006C0000-0x00000000006D6000-memory.dmp

          Filesize

          88KB

          Download