Analysis
- max time kernel: 117s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 28-03-2024 23:46
Static task: static1
Behavioral task: behavioral1
  Sample: 13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
General
- Target: 13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe
- Size: 1.9MB
- MD5: 13003cbfb6d2adfeea85952f8172c4f7
- SHA1: e5ef2dd654b50ed7be455cbe7aaabaa7acaedc80
- SHA256: 9c8590c7165b453dd0792be3cf51e200961a1ed9cf1154768ee86f7018db8fd9
- SHA512: ccb7e4dfb0454711cb50a619497072082bae3111ac8ba76b22d1f95af9721762b3b493596191f879bdca3d5872315009bb8f021ac131d9a1067e1dff91696824
- SSDEEP: 49152:YMWXWDNahuR7JmTqru3cJXNxDyfCDVYNd/0wZUGGa639KNg:YMwiYSHVYNSwZUhV3R
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
    description: Token: SeDebugPrivilege; pid: 2080; process: conhost.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes:
    description: PID 1048 wrote to memory of 2080; pid: 1048; process: 13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe; target process: conhost.exe
    description: PID 1048 wrote to memory of 2080; pid: 1048; process: 13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe; target process: conhost.exe
    description: PID 1048 wrote to memory of 2080; pid: 1048; process: 13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe; target process: conhost.exe
    description: PID 1048 wrote to memory of 2080; pid: 1048; process: 13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe; target process: conhost.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe"
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\System32\conhost.exe
      Command line: "C:\Windows\System32\conhost.exe" "C:\Users\Admin\AppData\Local\Temp\13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe"
      - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
- memory/2080-0-0x0000000000170000-0x0000000000359000-memory.dmp (Filesize: 1.9MB)
- memory/2080-1-0x000000001B2C0000-0x000000001B4A8000-memory.dmp (Filesize: 1.9MB)
- memory/2080-3-0x0000000002120000-0x00000000021A0000-memory.dmp (Filesize: 512KB)
- memory/2080-2-0x000007FEF55D0000-0x000007FEF5FBC000-memory.dmp (Filesize: 9.9MB)
- memory/2080-4-0x0000000002120000-0x00000000021A0000-memory.dmp (Filesize: 512KB)
- memory/2080-6-0x000007FEF55D0000-0x000007FEF5FBC000-memory.dmp (Filesize: 9.9MB)