fec6d44cc82af360aab39f22292c41d92e8a34e0072649be221da8c33b68dca3

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16/08/2024, 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9c9d15bd6bc31e26505cd72a25b4d5d1_JaffaCakes118.exe
Size

16KB
MD5

9c9d15bd6bc31e26505cd72a25b4d5d1
SHA1

e2a978963b5bf904f27b93c5db2ba85d4b84db70
SHA256

fec6d44cc82af360aab39f22292c41d92e8a34e0072649be221da8c33b68dca3
SHA512

ccc1c8fdef8310b7262c44c6320ad61a04aacd1fc8002c0833d18f0b19364aad3f568b5713cbe5e3788321d997140de82bc0aac66c118f081aebee9c8c9fc4bd
SSDEEP

384:9ZilPqtlJES8uj9bVNc2lb5s4cOyx5Ct:9ZilPqtlFfVVN3co

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
6	3.tcp.ngrok.io
65	3.tcp.ngrok.io
83	3.tcp.ngrok.io

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4604	9c9d15bd6bc31e26505cd72a25b4d5d1_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\9c9d15bd6bc31e26505cd72a25b4d5d1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9c9d15bd6bc31e26505cd72a25b4d5d1_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4604-0-0x00007FFB05E65000-0x00007FFB05E66000-memory.dmp

Filesize
4KB

Download
memory/4604-1-0x00007FFB05BB0000-0x00007FFB06551000-memory.dmp

Filesize
9.6MB

Download
memory/4604-2-0x000000001BAA0000-0x000000001BF6E000-memory.dmp

Filesize
4.8MB

Download
memory/4604-4-0x00007FFB05BB0000-0x00007FFB06551000-memory.dmp

Filesize
9.6MB

Download
memory/4604-3-0x000000001BF70000-0x000000001C016000-memory.dmp

Filesize
664KB

Download
memory/4604-5-0x000000001C100000-0x000000001C162000-memory.dmp

Filesize
392KB

Download
memory/4604-6-0x00007FFB05E65000-0x00007FFB05E66000-memory.dmp

Filesize
4KB

Download
memory/4604-7-0x00007FFB05BB0000-0x00007FFB06551000-memory.dmp

Filesize
9.6MB

Download