58c64182c52ba2afa22350028b0030d797365993c957e9f3cbf67d01a7e4837b

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 14:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
Size

304KB
MD5

ff80ebe09720e03e4257caec7d7dfdc5
SHA1

f2fb40aad34d370f329e8837dab6b44a8f8557cf
SHA256

58c64182c52ba2afa22350028b0030d797365993c957e9f3cbf67d01a7e4837b
SHA512

5fc4112c4523738db918eaf869fd29e033c2834049e7e891615714e023da3eb87ec339703151094f5d074c69a98f4ccf0734c4ab5263f86d47841562ce016dcc
SSDEEP

6144:XiFtiWB0WL7tNJ5ip34J5B4G7a4G7vWFHw:StB0WdNriNyFMv4w

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\GroupPolicy\gpt.ini	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\GroupPolicy\user\Scripts\script.ini	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
1796	ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ff80ebe09720e03e4257caec7d7dfdc5_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:1796

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads