Analysis
max time kernel: 1s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 08-05-2024 17:36
Static task: static1 (1 signatures)
Behavioral task: behavioral1 (3 signatures, 150 seconds)
Sample: 258c60b279a8debef184b5c01766604f_JaffaCakes118.exe
Resource: win11-20240508-en
General
Target: 258c60b279a8debef184b5c01766604f_JaffaCakes118.exe
Size: 280KB
MD5: 258c60b279a8debef184b5c01766604f
SHA1: 011f5dda5f08ac9f3ec5723ce3d54ad738f8a367
SHA256: 20a58ef0190c09058cef8c973a92a39a1aa125a350cd47e381d44937983274a9
SHA512: 50d90c2eedbf941d6e38ab8274b11654bcf8b613c8aa03ba10fcc9a4ef29551ed88f47d21bb12c11648e7524a8d1fe73c11e0c8864d01b8c9fe0773952e5c313
SSDEEP: 6144:72j756oaGYq2ygcOCJPExIn52TO18L63E4xK:yj09ygcOQZ5iO1u38K
Score: 6/10
Malware Config
Signatures

Drops desktop.ini file(s) (2 IoCs)
Process: 258c60b279a8debef184b5c01766604f_JaffaCakes118.exe
description | ioc | process
File created | C:\Windows\assembly\Desktop.ini | 258c60b279a8debef184b5c01766604f_JaffaCakes118.exe
File opened for modification | C:\Windows\assembly\Desktop.ini | 258c60b279a8debef184b5c01766604f_JaffaCakes118.exe

Drops file in Windows directory (3 IoCs)
Process: 258c60b279a8debef184b5c01766604f_JaffaCakes118.exe
description | ioc | process
File opened for modification | C:\Windows\assembly | 258c60b279a8debef184b5c01766604f_JaffaCakes118.exe
File created | C:\Windows\assembly\Desktop.ini | 258c60b279a8debef184b5c01766604f_JaffaCakes118.exe
File opened for modification | C:\Windows\assembly\Desktop.ini | 258c60b279a8debef184b5c01766604f_JaffaCakes118.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Process: 258c60b279a8debef184b5c01766604f_JaffaCakes118.exe
description | pid | process | target process
PID 2656 wrote to memory of 1428 | 2656 | 258c60b279a8debef184b5c01766604f_JaffaCakes118.exe | RegAsm.exe
PID 2656 wrote to memory of 1428 | 2656 | 258c60b279a8debef184b5c01766604f_JaffaCakes118.exe | RegAsm.exe
PID 2656 wrote to memory of 1428 | 2656 | 258c60b279a8debef184b5c01766604f_JaffaCakes118.exe | RegAsm.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\258c60b279a8debef184b5c01766604f_JaffaCakes118.exe (PID: 2656)
  Command line: "C:\Users\Admin\AppData\Local\Temp\258c60b279a8debef184b5c01766604f_JaffaCakes118.exe"
  - Drops desktop.ini file(s)
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  - C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe (PID: 1428)
    Command line: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe