Overview

overview

10

Static

static

3

838542e51a...18.exe

windows7-x64

3

838542e51a...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/08/2024, 20:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    838542e51acb792890b1b6ee6299e9b8_JaffaCakes118.exe

  • Size

    51KB

  • MD5

    838542e51acb792890b1b6ee6299e9b8

  • SHA1

    b7bb43702294264f56b67a7202b62cd9a0487fe6

  • SHA256

    82a72c5451cb5c4a0cf37c3a8ca6e50ea3ce7cc9fef2983376d00c0095489f6b

  • SHA512

    7243d4b8726971d3da02f80c8c3388c322cebe08218b7b88e846309e65037971895f71a08f362cd8e38902a71be0ebc37ec55f6814adcf7e20c5c2d132ab54a8

  • SSDEEP

    1536:i4UatDw8zT07f3qnm+A60k08945hIFJS:Aaxw82fan9AgzKIFI

Score
10/10
discoverypersistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:628
    • C:\Users\Admin\AppData\Local\Temp\838542e51acb792890b1b6ee6299e9b8_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\838542e51acb792890b1b6ee6299e9b8_JaffaCakes118.exe"
      1⤵
      • Modifies WinLogon for persistence
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2804

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/628-30-0x000000000E310000-0x000000000E338000-memory.dmp

            Filesize

            160KB

            Download

          • memory/628-38-0x000000000E370000-0x000000000E398000-memory.dmp

            Filesize

            160KB

            Download

          • memory/628-74-0x000000000E4C0000-0x000000000E4E8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/628-33-0x000000000E340000-0x000000000E368000-memory.dmp

            Filesize

            160KB

            Download

          • memory/628-9-0x0000000000400000-0x0000000000428000-memory.dmp

            Filesize

            160KB

            Download

          • memory/628-20-0x000000000E2B0000-0x000000000E2D8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/628-13-0x000000000E280000-0x000000000E2A8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/628-23-0x000000000E2E0000-0x000000000E308000-memory.dmp

            Filesize

            160KB

            Download

          • memory/628-69-0x000000000E490000-0x000000000E4B8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/628-64-0x000000000E460000-0x000000000E488000-memory.dmp

            Filesize

            160KB

            Download

          • memory/628-58-0x000000000E430000-0x000000000E458000-memory.dmp

            Filesize

            160KB

            Download

          • memory/628-43-0x000000000E3A0000-0x000000000E3C8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/628-49-0x000000000E3D0000-0x000000000E3F8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/628-53-0x000000000E400000-0x000000000E428000-memory.dmp

            Filesize

            160KB

            Download

          • memory/2804-2-0x0000000000411000-0x0000000000414000-memory.dmp

            Filesize

            12KB

            Download

          • memory/2804-0-0x0000000000400000-0x0000000000428000-memory.dmp

            Filesize

            160KB

            Download

          • memory/2804-1-0x0000000000400000-0x0000000000428000-memory.dmp

            Filesize

            160KB

            Download

          • memory/2804-3-0x0000000000400000-0x0000000000428000-memory.dmp

            Filesize

            160KB

            Download

          • memory/2804-3755-0x0000000000411000-0x0000000000414000-memory.dmp

            Filesize

            12KB

            Download