b15994a02277806761ee08000789017db73c71849ac3c60ba93d9052670082bb

Analysis

max time kernel
134s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 21:25

Target

369e4e031925b1e341482e630be93731_JaffaCakes118.exe
Size

250KB
MD5

369e4e031925b1e341482e630be93731
SHA1

8594667f550b149e0647f73c21d86fd8682e3d41
SHA256

b15994a02277806761ee08000789017db73c71849ac3c60ba93d9052670082bb
SHA512

a317a544e62dbb44254b29553f29077bb01320a56f98876cc3ec4ccaed47efbe88af0c052e407fff6bba62fe4a084b42fb194e4d253375101fdf64970f6e64dc
SSDEEP

3072:CemeCqBlpAhQ/7xeZha6/Gwc0mmJWa2IKKh:9vpAO56smJWa2IKKh

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4004	xounm.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4004	xounm.exe
4004	xounm.exe

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
4004	xounm.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1524	369e4e031925b1e341482e630be93731_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 4004	1524	369e4e031925b1e341482e630be93731_JaffaCakes118.exe	85
PID 1524 wrote to memory of 4004	1524	369e4e031925b1e341482e630be93731_JaffaCakes118.exe	85
PID 1524 wrote to memory of 4004	1524	369e4e031925b1e341482e630be93731_JaffaCakes118.exe	85
PID 4004 wrote to memory of 244	4004	xounm.exe	87
PID 4004 wrote to memory of 244	4004	xounm.exe	87
PID 4004 wrote to memory of 244	4004	xounm.exe	87

C:\Users\Admin\AppData\Roaming\Epozti\xounm.exe

Filesize
250KB

MD5
e90df5f6a164a3cb27abdbc0a994468a

SHA1
ccee4e6c7cdafc2f6c6e6c0cf7359b3afeac80a3

SHA256
914cb8ba0dc9563a16059a522bf4a1e6eb208899136514550dd69580ece7ead3

SHA512
62c32b53bebbe4ca5419663f4df9156c0d768736e0da7d1b56c75b2d7d08e1c4d255a67d75c6e8ae8eedb15447a0558c91f65c80fc87073f00ea9704607796ba

Download Submit
memory/244-10-0x00000000012E0000-0x000000000130D000-memory.dmp

Filesize
180KB

Download
memory/244-11-0x00000000012E0000-0x000000000130D000-memory.dmp

Filesize
180KB

Download
memory/1524-0-0x00000000023D0000-0x00000000026C8000-memory.dmp

Filesize
3.0MB

Download
memory/1524-1-0x0000000000400000-0x00000000006F7000-memory.dmp

Filesize
3.0MB

Download
memory/1524-2-0x0000000000400000-0x00000000006F9000-memory.dmp

Filesize
3.0MB

Download
memory/1524-14-0x0000000000400000-0x00000000006F7000-memory.dmp

Filesize
3.0MB

Download
memory/1524-12-0x0000000000400000-0x00000000006F9000-memory.dmp

Filesize
3.0MB

Download
memory/4004-9-0x0000000000400000-0x00000000006F9000-memory.dmp

Filesize
3.0MB

Download
memory/4004-8-0x0000000000400000-0x00000000006F9000-memory.dmp

Filesize
3.0MB

Download
memory/4004-13-0x0000000000400000-0x00000000006F9000-memory.dmp

Filesize
3.0MB

Download