f77ec523369df544b489a6b113d4a93216b21eeda50e4336e6ddad21d761728a

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/04/2024, 07:34

Target

04ae73aa9fdddc6c53f5bd6f3b67302b_JaffaCakes118.exe
Size

34KB
MD5

04ae73aa9fdddc6c53f5bd6f3b67302b
SHA1

84661c2d884857a52d7928155a999b8e6f01eed0
SHA256

f77ec523369df544b489a6b113d4a93216b21eeda50e4336e6ddad21d761728a
SHA512

cf46a3eaa15e6110b4ec689fa0c546f8021fbad742c06c44def0c66b50b830b001a594e30315ee1173f594af1aad8efbc4bf70759b08fa2b3066878344dbe43a
SSDEEP

768:pNZkEVqYHwzHUco8jWMsBPvWb1QG7LUshlWs:LZZVGUco8jFIPvWb1QGcf

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3940	04ae73aa9fdddc6c53f5bd6f3b67302b_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\04ae73aa9fdddc6c53f5bd6f3b67302b_JaffaCakes118.exe	04ae73aa9fdddc6c53f5bd6f3b67302b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\04ae73aa9fdddc6c53f5bd6f3b67302b_JaffaCakes118.exe	04ae73aa9fdddc6c53f5bd6f3b67302b_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	4288	04ae73aa9fdddc6c53f5bd6f3b67302b_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4288 wrote to memory of 3252	4288	04ae73aa9fdddc6c53f5bd6f3b67302b_JaffaCakes118.exe	82
PID 4288 wrote to memory of 3252	4288	04ae73aa9fdddc6c53f5bd6f3b67302b_JaffaCakes118.exe	82
PID 4288 wrote to memory of 3252	4288	04ae73aa9fdddc6c53f5bd6f3b67302b_JaffaCakes118.exe	82

C:\Users\Admin\AppData\Local\Temp\04ae73aa9fdddc6c53f5bd6f3b67302b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\04ae73aa9fdddc6c53f5bd6f3b67302b_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4288
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\04AE73~1.EXE > nul
  2⤵
  PID:3252

C:\Windows\SysWOW64\04ae73aa9fdddc6c53f5bd6f3b67302b_JaffaCakes118.exe
C:\Windows\SysWOW64\04ae73aa9fdddc6c53f5bd6f3b67302b_JaffaCakes118.exe
1⤵
- Executes dropped EXE
PID:3940

C:\Windows\SysWOW64\04ae73aa9fdddc6c53f5bd6f3b67302b_JaffaCakes118.exe

Filesize
34KB

MD5
04ae73aa9fdddc6c53f5bd6f3b67302b

SHA1
84661c2d884857a52d7928155a999b8e6f01eed0

SHA256
f77ec523369df544b489a6b113d4a93216b21eeda50e4336e6ddad21d761728a

SHA512
cf46a3eaa15e6110b4ec689fa0c546f8021fbad742c06c44def0c66b50b830b001a594e30315ee1173f594af1aad8efbc4bf70759b08fa2b3066878344dbe43a

Download Submit