Resubmissions

23-12-2024 16:11

241223-tm9qfsvjbk 10

23-12-2024 16:09

241223-tlrs9atrgk 10

Analysis

  • max time kernel
    37s
  • max time network
    37s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-12-2024 16:11

General

  • Target

    JaffaCakes118_c4a29e5c9f75e8f9c2c69239fb49cf63ee58e85364e9b8191ff61f996d8b1be1

  • Size

    35.2MB

  • MD5

    52548d01a3077aa0828017660fab2b9a

  • SHA1

    ae276b665ead85cb2b9d564c8a2f2c0fd9a560bf

  • SHA256

    c4a29e5c9f75e8f9c2c69239fb49cf63ee58e85364e9b8191ff61f996d8b1be1

  • SHA512

    76191ca1b66646f1ff985c8463c36bfd15b58783c9deac7145038170c8778cfa69b403809225fd093d81415d6c187f12426f4c67a1958f175edfdb69aacc5096

  • SSDEEP

    786432:LHnQwMPHgP0ueFIRp0bsFG3AeemBOjTjoJkqNtSsz:LHtczFIXqs7mMjg5z

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 44 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 50 IoCs
  • Suspicious use of SendNotifyMessage 50 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_c4a29e5c9f75e8f9c2c69239fb49cf63ee58e85364e9b8191ff61f996d8b1be1
    1⤵
      PID:3252
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2940

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2940-0-0x0000027A45C10000-0x0000027A45C11000-memory.dmp

      Filesize

      4KB

    • memory/2940-2-0x0000027A45C10000-0x0000027A45C11000-memory.dmp

      Filesize

      4KB

    • memory/2940-1-0x0000027A45C10000-0x0000027A45C11000-memory.dmp

      Filesize

      4KB

    • memory/2940-12-0x0000027A45C10000-0x0000027A45C11000-memory.dmp

      Filesize

      4KB

    • memory/2940-11-0x0000027A45C10000-0x0000027A45C11000-memory.dmp

      Filesize

      4KB

    • memory/2940-10-0x0000027A45C10000-0x0000027A45C11000-memory.dmp

      Filesize

      4KB

    • memory/2940-9-0x0000027A45C10000-0x0000027A45C11000-memory.dmp

      Filesize

      4KB

    • memory/2940-8-0x0000027A45C10000-0x0000027A45C11000-memory.dmp

      Filesize

      4KB

    • memory/2940-6-0x0000027A45C10000-0x0000027A45C11000-memory.dmp

      Filesize

      4KB

    • memory/2940-7-0x0000027A45C10000-0x0000027A45C11000-memory.dmp

      Filesize

      4KB