Analysis
-
max time kernel
148s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
16-04-2024 11:23
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
f362dd71d128ea233ba0976d61589331_JaffaCakes118.exe
Resource
win7-20240221-en
15 signatures
150 seconds
General
-
Target
f362dd71d128ea233ba0976d61589331_JaffaCakes118.exe
-
Size
516KB
-
MD5
f362dd71d128ea233ba0976d61589331
-
SHA1
e1faaf133282c1efb78ef54b3b683c651df306a7
-
SHA256
5450d70a103c7439fb6f9887bb6660cb2e07a7d6c4f0174a4fc7397a6742403d
-
SHA512
5a4ddf03918adc1d4081a96251175d1d7130b08aa81b9f46697ba3c0a148f1f69e7b72d37643047143a4569a744d628ce3cc931edb5d6c70b1213c45fd0a74f1
-
SSDEEP
6144:qOOr9BJ/GKWWBNU6ITLBi0qttclOKgU91BKLB15kAydiib4xMhj7TSnRHNaNul+o:3eBNUbTVO86UAtkj7b4xMtA1NaNZeaU
Malware Config
Signatures
-
Expiro payload 1 IoCs
Processes:
resource yara_rule behavioral2/memory/732-2-0x00007FF7D7190000-0x00007FF7D724D000-memory.dmp family_expiro1 -
Drops file in System32 directory 2 IoCs
Processes:
f362dd71d128ea233ba0976d61589331_JaffaCakes118.exedescription ioc process File opened for modification \??\c:\windows\system32\svchost.exe f362dd71d128ea233ba0976d61589331_JaffaCakes118.exe File opened for modification \??\c:\windows\system32\alg.exe f362dd71d128ea233ba0976d61589331_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
f362dd71d128ea233ba0976d61589331_JaffaCakes118.exedescription pid process Token: SeTakeOwnershipPrivilege 732 f362dd71d128ea233ba0976d61589331_JaffaCakes118.exe