e15f1e68b9f41f2eacf1226ac7af4b7ea8c2ca81bcc3ceef72123f5d6e0b5f90

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 00:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3cd4e63aac11cc80a0eea41764adcc29_JaffaCakes118.exe
Size

58KB
MD5

3cd4e63aac11cc80a0eea41764adcc29
SHA1

a550e4d1a8d81247316fd02872580f19ccf1271f
SHA256

e15f1e68b9f41f2eacf1226ac7af4b7ea8c2ca81bcc3ceef72123f5d6e0b5f90
SHA512

7c66cf876970500285853a0bc6319c6fb9e04e14c46f3b7fc98984159eb5c70e6de0ec4dc583c24db0b7e0d4a4488f4750ff93304c497aff619363a0434d3572
SSDEEP

768:VsWHa8stK1LW8qx942s8wSYjKyb7iHUGLgrdSAkkLj+EH+noGo1CR5Wqwq6wq+qE:mUaDtiC8wOSYu1HBgrrSEH+nmwm

Score

7^/10

persistence

Malware Config

Signatures

Boot or Logon Autostart Execution: Print Processors 1 TTPs 2 IoCs

Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.

persistence

Print Processors

T1547.012

description	ioc	Process
File created	C:\Windows\system32\spool\PRTPROCS\x64\xIQGMY9c.dll	3cd4e63aac11cc80a0eea41764adcc29_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\spool\PRTPROCS\x64\xIQGMY9c.dll	3cd4e63aac11cc80a0eea41764adcc29_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\spool\PRTPROCS\x64\xIQGMY9c.dll	3cd4e63aac11cc80a0eea41764adcc29_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\spool\PRTPROCS\x64\xIQGMY9c.dll	3cd4e63aac11cc80a0eea41764adcc29_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2728	3cd4e63aac11cc80a0eea41764adcc29_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3cd4e63aac11cc80a0eea41764adcc29_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3cd4e63aac11cc80a0eea41764adcc29_JaffaCakes118.exe"
1⤵
- Boot or Logon Autostart Execution: Print Processors
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Print Processors

T1547.012

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Print Processors

T1547.012

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2728-0-0x0000000000220000-0x0000000000223000-memory.dmp

Filesize
12KB

Download
memory/2728-1-0x00000000778B0000-0x00000000778B1000-memory.dmp

Filesize
4KB

Download
memory/2728-4-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads