Overview

overview

10

Static

static

3

6bc5ab7a2b...18.tar

windows7-x64

1

6bc5ab7a2b...18.tar

windows10-2004-x64

1

eFAX.CORPO...df.exe

windows7-x64

10

eFAX.CORPO...df.exe

windows10-2004-x64

10

vv/vv.pdf

windows7-x64

3

vv/vv.pdf

windows10-2004-x64

3

Analysis

  • max time kernel
    135s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-10-2024 20:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6bc5ab7a2b6bfc1746e93b12813c942f_JaffaCakes118.tar

  • Size

    160KB

  • MD5

    97f7ee0017ff15f182af0724499f7a2e

  • SHA1

    e9ca48cd0d624e9443bbb0f6fb48537f5f65eb5a

  • SHA256

    7abe00638fafb697900111330f5d3c4512cbf7fc4f83345139ebc4c4d57f684b

  • SHA512

    74c976edb7d1293b8ff58c0e4127a06645208aeb15bd9cc1b6454cdc493895e9426478efddc91332f1250b627b1e3e6ad2e7a3f05f5e4a13bf0612fdf679fa93

  • SSDEEP

    3072:KM+Ru0P/V1+KRrH1E4DpCY45wpK2nqILOZfw4BxHdnkv9QQl95mR7d:KM+FP+E1lCe3l6ZI0xHdk1X/Q7d

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\6bc5ab7a2b6bfc1746e93b12813c942f_JaffaCakes118.tar"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads