Overview

overview

3

Static

static

3

ad5598a65d...18.exe

windows7-x64

3

ad5598a65d...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/08/2024, 01:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ad5598a65d0de0534b0e661be8c81a82_JaffaCakes118.exe

  • Size

    95KB

  • MD5

    ad5598a65d0de0534b0e661be8c81a82

  • SHA1

    75b1fdda3eb9de86dc2b046986065134b2d5a835

  • SHA256

    4d0f5d96f5e26c04bc0a4e4b0c3a8d60626a986b17778260dee45f0d95aafcf3

  • SHA512

    e8d4c2009e0e5ef198c6d7dcb44fe1dfb41734d8939e946b18954d2c2899524a9bff57a4e3568394597044070e0b5847e0076d2cf7b09066f1e6a0a9e7c7eaf5

  • SSDEEP

    1536:C8CyhHAs6Pxy93RAk+od4IhW8aroUytf9fdVd0LHMZ2hv7nAU35q:CvcZKxy0k+A4IhW8aroUytf9eLtvI

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad5598a65d0de0534b0e661be8c81a82_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ad5598a65d0de0534b0e661be8c81a82_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3400
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
      dw20.exe -x -s 824
      2⤵
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:4068

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/3400-0-0x0000000074D12000-0x0000000074D13000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3400-1-0x0000000074D10000-0x00000000752C1000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/3400-2-0x0000000074D10000-0x00000000752C1000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/3400-9-0x0000000074D10000-0x00000000752C1000-memory.dmp

          Filesize

          5.7MB

          Download