Analysis
max time kernel: 118s
max time network: 122s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 31-03-2024 22:45
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
Resource
win7-20240221-en
3 signatures
150 seconds
General
Target: 6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
Size: 682KB
MD5: 6040407905ea1aa24dd58dc8befa4255
SHA1: 96ecf27fd10a6663cbfaadb7643abeaf4061ea77
SHA256: 2f2831bdecd1f925134fd944fc57f84b76ffe872e01c66f3662f1f9194a4b362
SHA512: d16e31ae6f510ab9f2f2474c064781c15e666f871a969f394f3e6590c7c1dabf19a98c62866e0342d4e6ec9cb40ab2f036c0d687c92f34df7527c340dae923f2
SSDEEP: 12288:hSBIB+gqzVl16yDr67jAkWoDq5jAyWb3PnB5JRU/V18H:sBVVmEJaqdAtj/RRGV
Score: 1/10
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
pid   process
2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
description              pid   process
Token: SeDebugPrivilege  2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
Suspicious use of WriteProcessMemory 20 IoCs
Processes:
6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
description                       pid   process                                             target process
PID 2332 wrote to memory of 2412  2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
PID 2332 wrote to memory of 2412  2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
PID 2332 wrote to memory of 2412  2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
PID 2332 wrote to memory of 2412  2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
PID 2332 wrote to memory of 2432  2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
PID 2332 wrote to memory of 2432  2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
PID 2332 wrote to memory of 2432  2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
PID 2332 wrote to memory of 2432  2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
PID 2332 wrote to memory of 2448  2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
PID 2332 wrote to memory of 2448  2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
PID 2332 wrote to memory of 2448  2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
PID 2332 wrote to memory of 2448  2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
PID 2332 wrote to memory of 2460  2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
PID 2332 wrote to memory of 2460  2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
PID 2332 wrote to memory of 2460  2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
PID 2332 wrote to memory of 2460  2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
PID 2332 wrote to memory of 2588  2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
PID 2332 wrote to memory of 2588  2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
PID 2332 wrote to memory of 2588  2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
PID 2332 wrote to memory of 2588  2332  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe  6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe
Processes
C:\Users\Admin\AppData\Local\Temp\6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe" PID:2332
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe" PID:2412
  C:\Users\Admin\AppData\Local\Temp\6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe" PID:2432
  C:\Users\Admin\AppData\Local\Temp\6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe" PID:2448
  C:\Users\Admin\AppData\Local\Temp\6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe" PID:2460
  C:\Users\Admin\AppData\Local\Temp\6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\6040407905ea1aa24dd58dc8befa4255_JaffaCakes118.exe" PID:2588