Analysis Overview
SHA256
20a58ef0190c09058cef8c973a92a39a1aa125a350cd47e381d44937983274a9
Threat Level: Shows suspicious behavior
The file 258c60b279a8debef184b5c01766604f_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Drops desktop.ini file(s)
Drops file in Windows directory
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-05-08 17:36
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-08 17:36
Reported
2024-05-08 17:37
Platform
win11-20240508-en
Max time kernel
1s
Command Line
Signatures
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\258c60b279a8debef184b5c01766604f_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\258c60b279a8debef184b5c01766604f_JaffaCakes118.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\assembly | C:\Users\Admin\AppData\Local\Temp\258c60b279a8debef184b5c01766604f_JaffaCakes118.exe | N/A |
| File created | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\258c60b279a8debef184b5c01766604f_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\assembly\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\258c60b279a8debef184b5c01766604f_JaffaCakes118.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2656 wrote to memory of 1428 | N/A | C:\Users\Admin\AppData\Local\Temp\258c60b279a8debef184b5c01766604f_JaffaCakes118.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
| PID 2656 wrote to memory of 1428 | N/A | C:\Users\Admin\AppData\Local\Temp\258c60b279a8debef184b5c01766604f_JaffaCakes118.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
| PID 2656 wrote to memory of 1428 | N/A | C:\Users\Admin\AppData\Local\Temp\258c60b279a8debef184b5c01766604f_JaffaCakes118.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\258c60b279a8debef184b5c01766604f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\258c60b279a8debef184b5c01766604f_JaffaCakes118.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Network
Files
memory/2656-0-0x0000000075051000-0x0000000075052000-memory.dmp
memory/2656-1-0x0000000075050000-0x0000000075601000-memory.dmp
memory/2656-2-0x0000000075050000-0x0000000075601000-memory.dmp
memory/2656-6-0x0000000075050000-0x0000000075601000-memory.dmp