Overview

overview

5

Static

static

5

fb68377ad9...18.exe

windows7-x64

fb68377ad9...18.exe

windows10-2004-x64

Analysis

  • max time kernel
    9s
  • max time network
    10s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    28/09/2024, 03:24 UTC

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    fb68377ad9852afc5986c3b36572a9f3_JaffaCakes118.exe

  • Size

    6KB

  • MD5

    fb68377ad9852afc5986c3b36572a9f3

  • SHA1

    1092151de851b6a8e950c8e3478166e683d41f3f

  • SHA256

    40040701c9aa58609e4999814734acdcc462e8d182aff5bd0fed3b17a8f9ba12

  • SHA512

    ef521b506e57664c8be77eb58b4f6a438ecd8d640a0a0983675586402e9e321eab7fccf370fead2d27feb617fff63dab5d4c2e5fdd275f181df98faac0574880

  • SSDEEP

    96:pPL2UJ4PcfbA6jN0AHGOD6lTViEsXBbcwHEBer0a+WpHPeYo:pPLdjbAOan7UFIe9pHPW

Score
5/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb68377ad9852afc5986c3b36572a9f3_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fb68377ad9852afc5986c3b36572a9f3_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:2636
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:2812
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:496

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/496-4-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2636-0-0x0000000000400000-0x0000000000408000-memory.dmp

        Filesize

        32KB

        Download

      • memory/2636-2-0x0000000000400000-0x0000000000408000-memory.dmp

        Filesize

        32KB

        Download

      • memory/2812-3-0x0000000002E10000-0x0000000002E11000-memory.dmp

        Filesize

        4KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.