b1aa4cbb72ea5eb72797dd60f06f0fa752bcd4ae2769a68621e9491b3f049b84

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 01:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2861c16603542d321ef849555bddc786_JaffaCakes118.exe
Size

64KB
MD5

2861c16603542d321ef849555bddc786
SHA1

8257a6fa9b8dcca54d5f5623e4d61b3aedf83a8d
SHA256

b1aa4cbb72ea5eb72797dd60f06f0fa752bcd4ae2769a68621e9491b3f049b84
SHA512

b4a270d5c8bbc8986f79ca0c59a99d95d68622c96ae6ba8d2ac70c4f1da902ca67fbb4ca1d232d938c3eba1d1a7b44f8135f411b13d4317de88c3b160cce2194
SSDEEP

1536:/QQvLCXkmPtQkmulB45htI6JFh3b2qSEH+nmwm:oQzCUZhntbDh

Score

7^/10

persistence

Malware Config

Signatures

Boot or Logon Autostart Execution: Print Processors 1 TTPs 2 IoCs

Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.

persistence

Print Processors

T1547.012

description	ioc	Process
File created	C:\Windows\system32\spool\PRTPROCS\x64\xo9o17mY.dll	2861c16603542d321ef849555bddc786_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\spool\PRTPROCS\x64\xo9o17mY.dll	2861c16603542d321ef849555bddc786_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\spool\PRTPROCS\x64\xo9o17mY.dll	2861c16603542d321ef849555bddc786_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\spool\PRTPROCS\x64\xo9o17mY.dll	2861c16603542d321ef849555bddc786_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1716	2861c16603542d321ef849555bddc786_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2861c16603542d321ef849555bddc786_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2861c16603542d321ef849555bddc786_JaffaCakes118.exe"
1⤵
- Boot or Logon Autostart Execution: Print Processors
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:1716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Print Processors

T1547.012

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Print Processors

T1547.012

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1716-1-0x0000000077480000-0x0000000077481000-memory.dmp

Filesize
4KB

Download
memory/1716-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1716-4-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads