Overview

overview

10

Static

static

10

b42fb0208d...18.ps1

windows7-x64

3

b42fb0208d...18.ps1

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30-11-2024 00:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b42fb0208d6c568b3aeb529133e1a6c6_JaffaCakes118.ps1

  • Size

    3KB

  • MD5

    b42fb0208d6c568b3aeb529133e1a6c6

  • SHA1

    7cede987a2f8cc83a4f7e29b0c699e09a8be32d5

  • SHA256

    f91701c18688153b151368fb04a620c67a92bdfb33fed9c9a439a0ba9230efd1

  • SHA512

    5fc02bb2ec7ee603093b004cd7e8b8cd3996d7f9a62cab81cf93fb95c6fbae8077209e8733d06257adfcafbc8f5f57d3c1c0ee1ebf3d7cc649f0dfa1287754c9

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\b42fb0208d6c568b3aeb529133e1a6c6_JaffaCakes118.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2096

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2096-4-0x000007FEF5D2E000-0x000007FEF5D2F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2096-5-0x000000001B770000-0x000000001BA52000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2096-6-0x0000000001E20000-0x0000000001E28000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2096-7-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2096-8-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2096-10-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2096-9-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2096-11-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2096-12-0x000007FEF5D2E000-0x000007FEF5D2F000-memory.dmp

    Filesize

    4KB

    Download