c3672d137a77ee801d9c141e4c64e5ecdbf3dba82274344260673c17bd2fefa0 | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 00:03

Sharing

Report Analysis Logs

General

Target

82426a6ea17243179139e4cc05d71c25_JaffaCakes118.exe
Size

9KB
MD5

82426a6ea17243179139e4cc05d71c25
SHA1

85d7ec38904e09e3f8218baba85f97b8f9b00775
SHA256

c3672d137a77ee801d9c141e4c64e5ecdbf3dba82274344260673c17bd2fefa0
SHA512

b8f4c2cf6fd7608b7614651d5e330f0e21fd299877f00c72424541993f5d0597e20f0637e07fd63d564e6c81ce2013d17bce301f8353795bca9c6e99ee404a61
SSDEEP

192:GBksu7EXVwVR2eMZZ3D93VnjdwCz93/gw:iVwX2eMdFnhwChPg

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2216	82426a6ea17243179139e4cc05d71c25_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2956	2216	82426a6ea17243179139e4cc05d71c25_JaffaCakes118.exe	30
PID 2216 wrote to memory of 2956	2216	82426a6ea17243179139e4cc05d71c25_JaffaCakes118.exe	30
PID 2216 wrote to memory of 2956	2216	82426a6ea17243179139e4cc05d71c25_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\82426a6ea17243179139e4cc05d71c25_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\82426a6ea17243179139e4cc05d71c25_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2216 -s 892
  2⤵
  PID:2956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2216-0-0x000007FEF5013000-0x000007FEF5014000-memory.dmp

Filesize
4KB

Download
memory/2216-1-0x0000000000360000-0x0000000000368000-memory.dmp

Filesize
32KB

Download
memory/2216-2-0x000007FEF5010000-0x000007FEF59FC000-memory.dmp

Filesize
9.9MB

Download
memory/2216-3-0x000007FEF5010000-0x000007FEF59FC000-memory.dmp

Filesize
9.9MB

Download