9a31a665717ea4ffae4e1e10e0b41fe7c8f9d591e3848cbc4d0d68276517c612

Analysis

max time kernel
142s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 01:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f66c65be79a2ab8b1c92dbff1c2b458_JaffaCakes118.exe
Size

5.7MB
MD5

0f66c65be79a2ab8b1c92dbff1c2b458
SHA1

0817921f9ac969074294865e319da16a4e4dac12
SHA256

9a31a665717ea4ffae4e1e10e0b41fe7c8f9d591e3848cbc4d0d68276517c612
SHA512

f496c4018664a33e70f9d92818456e863c0af36051d0f1a62e65e17de4a0720efb49fc9b9f0dd577bd80b154afa4156c5e873234bb8bfa75af75412a97cf3dd8
SSDEEP

98304:40N/qmPfiVd2bsRmKjv4RaSf6UtFlL9Nk0a13bndtqeBfVp8Jpt5C4nn8FLhXPjo:zWdZv49f6Un7NBu7qeBfVpqtnnsLpv+B

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1608	stdrtex.exe

Loads dropped DLL 6 IoCs

pid	Process
1608	stdrtex.exe
1608	stdrtex.exe
1608	stdrtex.exe
1608	stdrtex.exe
1608	stdrtex.exe
1608	stdrtex.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1608	stdrtex.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4592	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4592	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1608	stdrtex.exe
1608	stdrtex.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3780 wrote to memory of 1608	3780	0f66c65be79a2ab8b1c92dbff1c2b458_JaffaCakes118.exe	83
PID 3780 wrote to memory of 1608	3780	0f66c65be79a2ab8b1c92dbff1c2b458_JaffaCakes118.exe	83
PID 3780 wrote to memory of 1608	3780	0f66c65be79a2ab8b1c92dbff1c2b458_JaffaCakes118.exe	83

C:\Users\Admin\AppData\Local\Temp\0f66c65be79a2ab8b1c92dbff1c2b458_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0f66c65be79a2ab8b1c92dbff1c2b458_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3780
- C:\Users\Admin\AppData\Local\Temp\mrt34FA.tmp\stdrtex.exe
  "C:\Users\Admin\AppData\Local\Temp\mrt34FA.tmp\stdrtex.exe" /SF "C:\Users\Admin\AppData\Local\Temp\0f66c65be79a2ab8b1c92dbff1c2b458_JaffaCakes118.exe" /SO621568
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1608

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x324
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mrt34FA.tmp\MMFS2.dll

Filesize
496KB

MD5
57b00788621f49bf3e73295fa28a6c43

SHA1
7c49651bdf041d9091cd1c2c107ba7c3b3b1e919

SHA256
be3490d6f1ce88bbc63feef67a9a7820c86c26b7bdcd4de318459b6c4b8f010a

SHA512
b861f4122cd23b3edcb659f0fc0ffba75b1d44140128df4fde4c5fea6b46a187b5fe4195d4da5933a985580bc9b50a89e2926ef21edf242b3b2e0b81325c6494

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt34FA.tmp\Platform.mfx

Filesize
21KB

MD5
f028a9790936f628964ffb256405aebb

SHA1
2dbecca5034f39a78e88cdf962208f742ff43302

SHA256
722e0aeb4d6424e95df58c01e5b787a7bcc0b1e1f1c0cf86b18388c42980cfcd

SHA512
f0d3d204e8ec563092d4dbb60dce0370acda92fe39b07e8f021dbc28f56041dc8ddc382b1326cfa8fb694a16a57ebdc56f0824cbf5c9abbe47498e973bff3b32

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt34FA.tmp\mmf2d3d11.dll

Filesize
539KB

MD5
a341e40bc17c599c5440ae482b2a4530

SHA1
7ef1c15948f8325f601c39583be7178c7fcb4d06

SHA256
1338db2660834c9f95128eb7bd7a18fd60ac44b59c558db7cf73706c38c9ca47

SHA512
b917b7532b183e875ae0bd02805505e1e537c52138012a8f28daee60ec39dfcce641d4f9fa395f6e31d2400d37d34093a7c6bd3faac6581037802e9a4120f8c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt34FA.tmp\mmf2d3d9.dll

Filesize
1.5MB

MD5
8cc5f39e0376554ca5eddf02e592d73a

SHA1
67876787bdf453e768d2f9eef468cd8815b19d2b

SHA256
e477443c7f358d8f8f1e6edd10ab891c78e5b64efd5728f434e07227064611ce

SHA512
e8bf1944f4df99dc1208160a78a278c562ce0a01b2fb5059abe0dc3477499459900c157a51862b4585d11afa448e013fc2fc1b11a2db52ee2e171c5f13d1e443

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt34FA.tmp\stdrtex.exe

Filesize
1.0MB

MD5
15af9234c1f25c4e4c8d12bff6fbdec3

SHA1
32c2b631a32ec3a311b8383334d0a481444a607d

SHA256
4d78d848079d9e4890a8f48be8d79988645ab264ddaa44c0b459c3611cd58214

SHA512
867590e883d6801ad1d17075ead283bbd84a5092d30d4770c456434f2853aff6ac5f480f387d9ca0c0e54f35343bf579d73f59a9a83f5d97d39ecc1e54edcea8

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt34FA.tmp\waveflt.sft

Filesize
8KB

MD5
57ea61dd14314ef155e80c6a0be8a664

SHA1
963b0ef2fe976ff77044a821fe1e29be4a8cf8a7

SHA256
92a5053cf5973a6aa228c738d55387f12f1dfa8a837d7b938c60f05b6b56b3ad

SHA512
cc23cb30d76d22500c3ed7ce9ee0388588309d0779441b95559fce25a42f1eff52ca285c347655f8b33c15b75f9d2067738a151f81f605d3b563799a3a06c9a9

Download Submit