Overview

overview

3

Static

static

3

d1d42b2c37...18.exe

windows7-x64

1

d1d42b2c37...18.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07/09/2024, 11:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d1d42b2c37fc270eae7c87fc7e4fd1ac_JaffaCakes118.exe

  • Size

    71KB

  • MD5

    d1d42b2c37fc270eae7c87fc7e4fd1ac

  • SHA1

    8041a2b0031a8aa178f2a9c1a28dab118e23df19

  • SHA256

    4450f117affaaa8b1efdb2cf6da27f960dea97ceb6c871b878e5a92c8fc1870b

  • SHA512

    81be75caa6834fd3f429d0efc45df9649442c6e5e14d750740693a3bd283af60025a3811168af7966686db0565b02b00159433796db24c0a67460e802c1c45ba

  • SSDEEP

    1536:71Djs4X+qDH/O+g/k1nLjY6AsBiCqTFHACxxxxxxxokI6drG:u4X+qDHWH/k1nLBnA2Cxxxxxxxk6Y

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d1d42b2c37fc270eae7c87fc7e4fd1ac_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d1d42b2c37fc270eae7c87fc7e4fd1ac_JaffaCakes118.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
      dw20.exe -x -s 480
      2⤵
        PID:2380

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2380-2-0x0000000000360000-0x0000000000361000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3068-0-0x000007FEF56EE000-0x000007FEF56EF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3068-1-0x000007FEF5430000-0x000007FEF5DCD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/3068-3-0x000007FEF5430000-0x000007FEF5DCD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/3068-4-0x000007FEF56EE000-0x000007FEF56EF000-memory.dmp

      Filesize

      4KB

      Download