Analysis
max time kernel: 140s
max time network: 92s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/09/2024, 08:48
Static task: static1
Behavioral task: behavioral1
Sample: f1adfa919518d16988ce67533625812a_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: f1adfa919518d16988ce67533625812a_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: f1adfa919518d16988ce67533625812a_JaffaCakes118.exe
Size: 742KB
MD5: f1adfa919518d16988ce67533625812a
SHA1: 382b5a19a01da21eb98c28745962b3aeafcca86d
SHA256: c585cb1e9e41a7e5e0c8db0eac0e2f5dd40660a103b4e6ca0af92790ef1eac01
SHA512: e864de465d5072e192c03345fd72f8fa92667feea1b2fca6042c29b8b669c7d6d820b2930fda0101f25e94edb032b36b1bd2a850da65e3288c9a32e22a1aba7d
SSDEEP: 12288:WZn/ydyo+MlaPpIMjTDjsbnxwdfD5i7lE2hPYR90/LMqeyBY1UFQQN46+qs:Wn/iP+McjTPWxwdQ/WR9coqJix6+qs
Malware Config
Signatures
Mimikatz
mimikatz is an open source tool to dump credentials on Windows.

mimikatz is an open source tool to dump credentials on Windows (2 IoCs)
resource yara_rule
behavioral2/memory/2748-2-0x0000000002A70000-0x0000000002BB2000-memory.dmp mimikatz
behavioral2/memory/2748-4-0x0000000002A70000-0x0000000002BB2000-memory.dmp mimikatz

Suspicious use of NtCreateThreadExHideFromDebugger (1 IoCs)
pid Process
2748 f1adfa919518d16988ce67533625812a_JaffaCakes118.exe