fe068f9baab0d006ca6b13701ee44a700b8644e51e528d7dc9b7c1410f5f6e78

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02-05-2024 06:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0db7fed708a0f6bdd1a70fbee3c4bd11_JaffaCakes118.exe
Size

454KB
MD5

0db7fed708a0f6bdd1a70fbee3c4bd11
SHA1

15d54058d2052486c332ecfa27a8f2acc981c789
SHA256

fe068f9baab0d006ca6b13701ee44a700b8644e51e528d7dc9b7c1410f5f6e78
SHA512

ddbfef6e860257c480f991b6c377ea3a581e6323c43636e31d20922ea7136866257e0cf612192597209c476870b43f4e56971f1f56668c396b1bb68bcf7c071b
SSDEEP

6144:SvaqS4IR/kviXzd4N6qJFldlibYOlU/glqmOgDVL5ul94BhunZQpLzms7VFPYYs:h/kviXzdyGYr/eDVL5ul2unZatU

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3684	qfjesjluewfgfyu.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3684	qfjesjluewfgfyu.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3684	qfjesjluewfgfyu.exe
3684	qfjesjluewfgfyu.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 3684	1972	0db7fed708a0f6bdd1a70fbee3c4bd11_JaffaCakes118.exe	90
PID 1972 wrote to memory of 3684	1972	0db7fed708a0f6bdd1a70fbee3c4bd11_JaffaCakes118.exe	90

C:\Users\Admin\AppData\Local\Temp\0db7fed708a0f6bdd1a70fbee3c4bd11_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0db7fed708a0f6bdd1a70fbee3c4bd11_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Users\Admin\AppData\Local\Temp\qfjesjluewfgfyu.exe
  "C:\Users\Admin\AppData\Local\Temp\\qfjesjluewfgfyu.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:3684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3608 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
1⤵
PID:4512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\parent.txt

Filesize
454KB

MD5
0db7fed708a0f6bdd1a70fbee3c4bd11

SHA1
15d54058d2052486c332ecfa27a8f2acc981c789

SHA256
fe068f9baab0d006ca6b13701ee44a700b8644e51e528d7dc9b7c1410f5f6e78

SHA512
ddbfef6e860257c480f991b6c377ea3a581e6323c43636e31d20922ea7136866257e0cf612192597209c476870b43f4e56971f1f56668c396b1bb68bcf7c071b

Download Submit
C:\Users\Admin\AppData\Local\Temp\qfjesjluewfgfyu.exe

Filesize
11KB

MD5
9a7e17351f0e74570b387600922e59e0

SHA1
017bf40ae2cb8321ee9825e3b93339fd41a148da

SHA256
44b9e76377582e04cc2fdc0c6b922634bcda5f9304419ddeac2833610249cc6c

SHA512
bb0bef29d7b60307bf77a81a358d55a7483b1fa81ed3e9453898b1d7629bd1ecab7ec92c505d6522f887549b4604edcdc8a5547b21f66b5c46b84169522f3ba3

Download Submit
memory/3684-26-0x00007FFE5FE60000-0x00007FFE60801000-memory.dmp

Filesize
9.6MB

Download
memory/3684-7-0x000000001B5A0000-0x000000001B63C000-memory.dmp

Filesize
624KB

Download
memory/3684-29-0x00007FFE60115000-0x00007FFE60116000-memory.dmp

Filesize
4KB

Download
memory/3684-6-0x000000001BB30000-0x000000001BFFE000-memory.dmp

Filesize
4.8MB

Download
memory/3684-28-0x000000001FA60000-0x00000000210D7000-memory.dmp

Filesize
22.5MB

Download
memory/3684-3-0x00007FFE5FE60000-0x00007FFE60801000-memory.dmp

Filesize
9.6MB

Download
memory/3684-10-0x00000000010C0000-0x00000000010C8000-memory.dmp

Filesize
32KB

Download
memory/3684-11-0x00007FFE5FE60000-0x00007FFE60801000-memory.dmp

Filesize
9.6MB

Download
memory/3684-12-0x00007FFE5FE60000-0x00007FFE60801000-memory.dmp

Filesize
9.6MB

Download
memory/3684-13-0x00007FFE5FE60000-0x00007FFE60801000-memory.dmp

Filesize
9.6MB

Download
memory/3684-14-0x000000001F650000-0x000000001F6B2000-memory.dmp

Filesize
392KB

Download
memory/3684-30-0x00007FFE5FE60000-0x00007FFE60801000-memory.dmp

Filesize
9.6MB

Download
memory/3684-2-0x00007FFE60115000-0x00007FFE60116000-memory.dmp

Filesize
4KB

Download
memory/3684-27-0x0000000023160000-0x0000000023906000-memory.dmp

Filesize
7.6MB

Download
memory/3684-5-0x0000000001280000-0x00000000012C4000-memory.dmp

Filesize
272KB

Download
memory/3684-4-0x00007FFE5FE60000-0x00007FFE60801000-memory.dmp

Filesize
9.6MB

Download
memory/3684-17-0x00007FFE5FE60000-0x00007FFE60801000-memory.dmp

Filesize
9.6MB

Download
memory/3684-31-0x000000001FA60000-0x00000000210D7000-memory.dmp

Filesize
22.5MB

Download
memory/3684-32-0x000000001FA60000-0x00000000210D7000-memory.dmp

Filesize
22.5MB

Download
memory/3684-33-0x000000001FA60000-0x00000000210D7000-memory.dmp

Filesize
22.5MB

Download
memory/3684-34-0x000000001FA60000-0x00000000210D7000-memory.dmp

Filesize
22.5MB

Download
memory/3684-35-0x000000001FA60000-0x00000000210D7000-memory.dmp

Filesize
22.5MB

Download
memory/3684-36-0x000000001FA60000-0x00000000210D7000-memory.dmp

Filesize
22.5MB

Download
memory/3684-37-0x000000001FA60000-0x00000000210D7000-memory.dmp

Filesize
22.5MB

Download
memory/3684-38-0x000000001FA60000-0x00000000210D7000-memory.dmp

Filesize
22.5MB

Download
memory/3684-39-0x000000001FA60000-0x00000000210D7000-memory.dmp

Filesize
22.5MB

Download
memory/3684-40-0x000000001FA60000-0x00000000210D7000-memory.dmp

Filesize
22.5MB

Download
memory/3684-41-0x000000001FA60000-0x00000000210D7000-memory.dmp

Filesize
22.5MB

Download
memory/3684-42-0x000000001FA60000-0x00000000210D7000-memory.dmp

Filesize
22.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads