Overview

overview

10

Static

static

10

857395c22c...18.exe

windows7-x64

1

857395c22c...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    10/08/2024, 08:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    857395c22c5bd4b707376b4cfc7c6308_JaffaCakes118.exe

  • Size

    16KB

  • MD5

    857395c22c5bd4b707376b4cfc7c6308

  • SHA1

    263349185213ccf520dbcd246f02fcc2d515bd6b

  • SHA256

    c6204984759803b0498b654dc19e74e5d8791f398d98e3db290da1c89c832004

  • SHA512

    1c63b6ab3b62bf8fc980d0f033fdf41a6fcac11334193cc100f70a79c196bf7135dc8ad0de9b94339c63a9beb65e9c8c05296ef420bd06ae2c48979f9e07f89e

  • SSDEEP

    384:7t9+Xi9NVzGS7P9oDPlMNcLlb5sVKwyK5Ct:7t9+Xi9NkwclMNEyo

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\857395c22c5bd4b707376b4cfc7c6308_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\857395c22c5bd4b707376b4cfc7c6308_JaffaCakes118.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:1316

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1316-0-0x000007FEF60DE000-0x000007FEF60DF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1316-1-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1316-2-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1316-3-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

    Filesize

    9.6MB

    Download