de0904f35a06210ddb20cb2edd8e7021e3a547cc3fc71d2d417107d119a3c8ef

Analysis

max time kernel
142s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 13:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

24ff7b20126836191f694f4d51839bde_JaffaCakes118.exe
Size

475KB
MD5

24ff7b20126836191f694f4d51839bde
SHA1

626ae181ac100c6e8beab026c5a1a75106a8cbdf
SHA256

de0904f35a06210ddb20cb2edd8e7021e3a547cc3fc71d2d417107d119a3c8ef
SHA512

1120d6f0b5b34db3e2b5d593260daedec2799f7fbe86855afe67a969d482e41294297a89d878d68501bcc1ba5d40eb1d418f91899e2b92bce6252bdc509d390d
SSDEEP

12288:oYOUJAyVEO8kV0fJOFBezrlMpF2IqcYPoxmtF9fS:tJAySfJOCtMpRqcwoxmf96

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1900	yhiagvicbojqgn.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1900	yhiagvicbojqgn.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1900	yhiagvicbojqgn.exe
1900	yhiagvicbojqgn.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3548 wrote to memory of 1900	3548	24ff7b20126836191f694f4d51839bde_JaffaCakes118.exe	85
PID 3548 wrote to memory of 1900	3548	24ff7b20126836191f694f4d51839bde_JaffaCakes118.exe	85

C:\Users\Admin\AppData\Local\Temp\24ff7b20126836191f694f4d51839bde_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\24ff7b20126836191f694f4d51839bde_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3548
- C:\Users\Admin\AppData\Local\Temp\yhiagvicbojqgn.exe
  "C:\Users\Admin\AppData\Local\Temp\\yhiagvicbojqgn.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:1900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\parent.txt

Filesize
475KB

MD5
24ff7b20126836191f694f4d51839bde

SHA1
626ae181ac100c6e8beab026c5a1a75106a8cbdf

SHA256
de0904f35a06210ddb20cb2edd8e7021e3a547cc3fc71d2d417107d119a3c8ef

SHA512
1120d6f0b5b34db3e2b5d593260daedec2799f7fbe86855afe67a969d482e41294297a89d878d68501bcc1ba5d40eb1d418f91899e2b92bce6252bdc509d390d

Download Submit
C:\Users\Admin\AppData\Local\Temp\yhiagvicbojqgn.exe

Filesize
23KB

MD5
831fe278215fcca35b2591bd81bfc398

SHA1
b1b37650a6ff8208968d95c3f89fcf52fdafaf0d

SHA256
7a19030ab932a63e1d6facc331ee2add06143fc581e9f6c6585eecab6c94d552

SHA512
997314ce7bb525f81545474777344aa0c87dbf8eb5ab3a0b2edb843f936527da063ce64a4c47cba0b2bd56f3e9c80245d659a681977013e85380132109664e9e

Download Submit
memory/1900-13-0x00000000014C0000-0x00000000014C8000-memory.dmp

Filesize
32KB

Download
memory/1900-14-0x00007FF9EEA20000-0x00007FF9EF3C1000-memory.dmp

Filesize
9.6MB

Download
memory/1900-8-0x000000001C2D0000-0x000000001C79E000-memory.dmp

Filesize
4.8MB

Download
memory/1900-9-0x00007FF9EEA20000-0x00007FF9EF3C1000-memory.dmp

Filesize
9.6MB

Download
memory/1900-10-0x000000001C840000-0x000000001C8DC000-memory.dmp

Filesize
624KB

Download
memory/1900-6-0x00007FF9EEA20000-0x00007FF9EF3C1000-memory.dmp

Filesize
9.6MB

Download
memory/1900-5-0x00007FF9EECD5000-0x00007FF9EECD6000-memory.dmp

Filesize
4KB

Download
memory/1900-7-0x000000001BC30000-0x000000001BC74000-memory.dmp

Filesize
272KB

Download
memory/1900-15-0x00007FF9EEA20000-0x00007FF9EF3C1000-memory.dmp

Filesize
9.6MB

Download
memory/1900-16-0x00007FF9EEA20000-0x00007FF9EF3C1000-memory.dmp

Filesize
9.6MB

Download
memory/1900-17-0x00007FF9EEA20000-0x00007FF9EF3C1000-memory.dmp

Filesize
9.6MB

Download
memory/1900-18-0x000000001FF90000-0x000000001FFF2000-memory.dmp

Filesize
392KB

Download
memory/1900-29-0x0000000022590000-0x0000000022D36000-memory.dmp

Filesize
7.6MB

Download
memory/1900-30-0x0000000020D70000-0x0000000021227000-memory.dmp

Filesize
4.7MB

Download
memory/1900-31-0x00007FF9EECD5000-0x00007FF9EECD6000-memory.dmp

Filesize
4KB

Download
memory/1900-32-0x00007FF9EEA20000-0x00007FF9EF3C1000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads