Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system
  • submitted
    22/08/2024, 16:21

General

  • Target

    b85244d840a3b37b0bbb3bbff7f5ca64_JaffaCakes118.exe

  • Size

    109KB

  • MD5

    b85244d840a3b37b0bbb3bbff7f5ca64

  • SHA1

    1262795be2c66f18a57a6745754c3d787f4473cf

  • SHA256

    0e673d3f6b7bea2361837d94e7b5232f09fbee4a187e425b18a2f111ee190623

  • SHA512

    a4a7cca06c6679fbbae2ebe175eef4bdbbbce5d634ff309bc1804eae48b87727760b52e8585675662e1867e284fdff5cda280c5c762103e3e9bd40f69ca7dd42

  • SSDEEP

    3072:wZpiPWradiw9borh2cDM5CUQ0CG5gye52l6RfhDutkcMpTtK:Q/adiw9bot8Q2bsfh6tkc4M

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b85244d840a3b37b0bbb3bbff7f5ca64_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\b85244d840a3b37b0bbb3bbff7f5ca64_JaffaCakes118.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1500

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1500-0-0x0000000001000000-0x0000000001024000-memory.dmp

    Filesize

    144KB

  • memory/1500-1-0x0000000001000000-0x0000000001024000-memory.dmp

    Filesize

    144KB