Overview

overview

3

Static

static

3

ac94c7021f...18.exe

windows7-x64

3

ac94c7021f...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    134s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/08/2024, 21:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ac94c7021f7a415d88433b6730fbfb4a_JaffaCakes118.exe

  • Size

    16KB

  • MD5

    ac94c7021f7a415d88433b6730fbfb4a

  • SHA1

    b965b4b0e1ea6e7bb47a51dbfae4a9edd8862860

  • SHA256

    8edebb495e8814e99c6a2b833d330df2a7dc8de82f8f7897e6bd3730a205709d

  • SHA512

    23a97f6070b35ddd8a538f4d81a21a2f98bc4d8c5e60b45a13a344094020bc0f8eebe80233d396f4935d3fc5462c7da5dc4ddc4e80a16815cd76363ef3aa21e7

  • SSDEEP

    384:Dj5CvmNJzTmbyOa0HA7veInT5UUquKgJ3Spltx05o:hCObK2OfH8jtU7u5enx05o

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac94c7021f7a415d88433b6730fbfb4a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ac94c7021f7a415d88433b6730fbfb4a_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2356
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x308 0x2ec
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:5064

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads