Overview

overview

10

Static

static

3

b04dff1e33...18.exe

windows7-x64

10

b04dff1e33...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    20-08-2024 18:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b04dff1e33599ca8cdc2d2acbcbbc583_JaffaCakes118.exe

  • Size

    329KB

  • MD5

    b04dff1e33599ca8cdc2d2acbcbbc583

  • SHA1

    ff6e190803811def3389747e307c89dab02e51ff

  • SHA256

    c9f091eefe4f0018d83814bc52b656d8c7b7ae646bd57067115d8efd57d103e8

  • SHA512

    9b04c80dcbf64624da8b69d3b778e11b8a486282a34abcd3a1229ec6c8a095b995a163ea63522955b03eaa60286c111f8ebeea9653b8b0e66da53e425902397a

  • SSDEEP

    6144:CJTjc7Ix6gspWrkLDj9ivMFiEcL4FQpSpxtCIwLRjdBug6:Cq7+JspWwD5KMFiL4F64tCIwLRjfug6

Score
10/10
discoverypersistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b04dff1e33599ca8cdc2d2acbcbbc583_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b04dff1e33599ca8cdc2d2acbcbbc583_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1884

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1884-0-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1884-2-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1884-1-0x0000000000410000-0x0000000000412000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1884-7-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1884-8-0x0000000000410000-0x0000000000412000-memory.dmp

    Filesize

    8KB

    Download