1980271b595d755d69e6c10c038757d48738a8832bb6f0afd4274d0e11769af3

Analysis

max time kernel
141s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 07:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

23bd2cafd2fa4f9935e1064a80087634_JaffaCakes118.exe
Size

458KB
MD5

23bd2cafd2fa4f9935e1064a80087634
SHA1

376db9551eb0d4c9013e094bec37c826d74714b9
SHA256

1980271b595d755d69e6c10c038757d48738a8832bb6f0afd4274d0e11769af3
SHA512

3e7f1bdfb6b6e636e295d06968b4fd06d0cc1adc3602c726b3f53f8d723f4ddadc9b1c97b87e311d1b90fe4d475bf886f76b75821130d3670b3b2007dbfc63ae
SSDEEP

6144:ZNasw/FCvXE35bkZLUVvF2rYESS/JQTc/LLD5/h7v0fBilVn+203mFHUuXRYq:dvXk5bkduvFN9KJQTczLDnMfCZflUu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4840	ubzdoyldaxdaxz.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4840	ubzdoyldaxdaxz.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4840	ubzdoyldaxdaxz.exe
4840	ubzdoyldaxdaxz.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4436 wrote to memory of 4840	4436	23bd2cafd2fa4f9935e1064a80087634_JaffaCakes118.exe	85
PID 4436 wrote to memory of 4840	4436	23bd2cafd2fa4f9935e1064a80087634_JaffaCakes118.exe	85

C:\Users\Admin\AppData\Local\Temp\23bd2cafd2fa4f9935e1064a80087634_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\23bd2cafd2fa4f9935e1064a80087634_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4436
- C:\Users\Admin\AppData\Local\Temp\qfskagynxsvv\ubzdoyldaxdaxz.exe
  "C:\Users\Admin\AppData\Local\Temp\qfskagynxsvv\ubzdoyldaxdaxz.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\qfskagynxsvv\parent.txt

Filesize
458KB

MD5
23bd2cafd2fa4f9935e1064a80087634

SHA1
376db9551eb0d4c9013e094bec37c826d74714b9

SHA256
1980271b595d755d69e6c10c038757d48738a8832bb6f0afd4274d0e11769af3

SHA512
3e7f1bdfb6b6e636e295d06968b4fd06d0cc1adc3602c726b3f53f8d723f4ddadc9b1c97b87e311d1b90fe4d475bf886f76b75821130d3670b3b2007dbfc63ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\qfskagynxsvv\ubzdoyldaxdaxz.exe

Filesize
7KB

MD5
62515e4fe05a9db306abb88fada38be0

SHA1
869a0b7b0912af5cf7f4fee35d2382929d564af7

SHA256
77fbf090419cb59e63dc3306deceed457e7663a529be1e85f344b48fa18a7514

SHA512
d0bdea85f5797b6080af699705f8096675e3f58d1eb1a33721411ad3828ee257e1fa2fd38081bbbfa323a0a7053116e9201394c7e1650a880e8ebd264458e343

Download Submit
memory/4840-27-0x00000000236B0000-0x0000000023E56000-memory.dmp

Filesize
7.6MB

Download
memory/4840-34-0x000000001FFF0000-0x0000000021667000-memory.dmp

Filesize
22.5MB

Download
memory/4840-8-0x000000001C310000-0x000000001C7DE000-memory.dmp

Filesize
4.8MB

Download
memory/4840-9-0x000000001C880000-0x000000001C91C000-memory.dmp

Filesize
624KB

Download
memory/4840-10-0x00007FFFE4300000-0x00007FFFE4CA1000-memory.dmp

Filesize
9.6MB

Download
memory/4840-11-0x0000000001600000-0x0000000001608000-memory.dmp

Filesize
32KB

Download
memory/4840-12-0x00007FFFE4300000-0x00007FFFE4CA1000-memory.dmp

Filesize
9.6MB

Download
memory/4840-13-0x00007FFFE4300000-0x00007FFFE4CA1000-memory.dmp

Filesize
9.6MB

Download
memory/4840-14-0x00007FFFE4300000-0x00007FFFE4CA1000-memory.dmp

Filesize
9.6MB

Download
memory/4840-15-0x000000001E9E0000-0x000000001EA42000-memory.dmp

Filesize
392KB

Download
memory/4840-6-0x00007FFFE4300000-0x00007FFFE4CA1000-memory.dmp

Filesize
9.6MB

Download
memory/4840-18-0x00007FFFE4300000-0x00007FFFE4CA1000-memory.dmp

Filesize
9.6MB

Download
memory/4840-5-0x00007FFFE45B5000-0x00007FFFE45B6000-memory.dmp

Filesize
4KB

Download
memory/4840-28-0x000000001FFF0000-0x0000000021667000-memory.dmp

Filesize
22.5MB

Download
memory/4840-7-0x000000001BE00000-0x000000001BE44000-memory.dmp

Filesize
272KB

Download
memory/4840-31-0x000000001FFF0000-0x0000000021667000-memory.dmp

Filesize
22.5MB

Download
memory/4840-29-0x00007FFFE4300000-0x00007FFFE4CA1000-memory.dmp

Filesize
9.6MB

Download
memory/4840-32-0x000000001FFF0000-0x0000000021667000-memory.dmp

Filesize
22.5MB

Download
memory/4840-33-0x000000001FFF0000-0x0000000021667000-memory.dmp

Filesize
22.5MB

Download
memory/4840-30-0x00007FFFE45B5000-0x00007FFFE45B6000-memory.dmp

Filesize
4KB

Download
memory/4840-35-0x000000001FFF0000-0x0000000021667000-memory.dmp

Filesize
22.5MB

Download
memory/4840-36-0x000000001FFF0000-0x0000000021667000-memory.dmp

Filesize
22.5MB

Download
memory/4840-37-0x000000001FFF0000-0x0000000021667000-memory.dmp

Filesize
22.5MB

Download
memory/4840-38-0x000000001FFF0000-0x0000000021667000-memory.dmp

Filesize
22.5MB

Download
memory/4840-39-0x000000001FFF0000-0x0000000021667000-memory.dmp

Filesize
22.5MB

Download
memory/4840-40-0x000000001FFF0000-0x0000000021667000-memory.dmp

Filesize
22.5MB

Download
memory/4840-41-0x000000001FFF0000-0x0000000021667000-memory.dmp

Filesize
22.5MB

Download
memory/4840-42-0x000000001FFF0000-0x0000000021667000-memory.dmp

Filesize
22.5MB

Download
memory/4840-43-0x000000001FFF0000-0x0000000021667000-memory.dmp

Filesize
22.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads