Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28-03-2024 23:46
Static task: static1
Behavioral task: behavioral1
  Sample: 13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
General
- Target: 13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe
- Size: 1.9MB
- MD5: 13003cbfb6d2adfeea85952f8172c4f7
- SHA1: e5ef2dd654b50ed7be455cbe7aaabaa7acaedc80
- SHA256: 9c8590c7165b453dd0792be3cf51e200961a1ed9cf1154768ee86f7018db8fd9
- SHA512: ccb7e4dfb0454711cb50a619497072082bae3111ac8ba76b22d1f95af9721762b3b493596191f879bdca3d5872315009bb8f021ac131d9a1067e1dff91696824
- SSDEEP: 49152:YMWXWDNahuR7JmTqru3cJXNxDyfCDVYNd/0wZUGGa639KNg:YMwiYSHVYNSwZUhV3R
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
    description                 pid   process
    Token: SeDebugPrivilege     2100  conhost.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                       pid   process                                              target process
    PID 2656 wrote to memory of 2100  2656  13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe  conhost.exe
    PID 2656 wrote to memory of 2100  2656  13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe  conhost.exe
    PID 2656 wrote to memory of 2100  2656  13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe  conhost.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe"
   - Suspicious use of WriteProcessMemory
2. C:\Windows\System32\conhost.exe (child of 1)
   Command line: "C:\Windows\System32\conhost.exe" "C:\Users\Admin\AppData\Local\Temp\13003cbfb6d2adfeea85952f8172c4f7_JaffaCakes118.exe"
   - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
- memory/2100-0-0x00000262EA450000-0x00000262EA639000-memory.dmp (Filesize: 1.9MB)
- memory/2100-1-0x00000262ED090000-0x00000262ED278000-memory.dmp (Filesize: 1.9MB)
- memory/2100-2-0x00000262EC350000-0x00000262EC362000-memory.dmp (Filesize: 72KB)
- memory/2100-3-0x00007FF9FA310000-0x00007FF9FADD1000-memory.dmp (Filesize: 10.8MB)
- memory/2100-5-0x00000262ECE90000-0x00000262ECEA0000-memory.dmp (Filesize: 64KB)
- memory/2100-4-0x00000262ECE90000-0x00000262ECEA0000-memory.dmp (Filesize: 64KB)
- memory/2100-8-0x00007FF9FA310000-0x00007FF9FADD1000-memory.dmp (Filesize: 10.8MB)