19b618b9909ae20b6dc14431ea6d56b3c16514606bb0b5296beac57d5d220d67

Analysis

max time kernel
94s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 10:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39b62c66470ae30f22868abe94084ccd_JaffaCakes118.exe
Size

469KB
MD5

39b62c66470ae30f22868abe94084ccd
SHA1

bf965beeff838f2437ab0aad63100cd700429764
SHA256

19b618b9909ae20b6dc14431ea6d56b3c16514606bb0b5296beac57d5d220d67
SHA512

6d24c12b46b81866f88bf83119b388e6afe554aae0c14cc4ebaab3d3005ae5f9010d0629dc45ef9ecf9228193657fa0f54b92a1580857298ec039ff80162e3b1
SSDEEP

12288:qQR17Zoi3bJmxfgDPIvep+UWL0R32UnrL7g:PZoiAxI0ven6657g

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4724	nssvvloiimyefdg.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4724	nssvvloiimyefdg.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4724	nssvvloiimyefdg.exe
4724	nssvvloiimyefdg.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4720 wrote to memory of 4724	4720	39b62c66470ae30f22868abe94084ccd_JaffaCakes118.exe	83
PID 4720 wrote to memory of 4724	4720	39b62c66470ae30f22868abe94084ccd_JaffaCakes118.exe	83

C:\Users\Admin\AppData\Local\Temp\39b62c66470ae30f22868abe94084ccd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\39b62c66470ae30f22868abe94084ccd_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4720
- C:\Users\Admin\AppData\Local\Temp\nssvvloiimyefdg.exe
  "C:\Users\Admin\AppData\Local\Temp\\nssvvloiimyefdg.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nssvvloiimyefdg.exe

Filesize
17KB

MD5
9e861713ae529093829da2368374551d

SHA1
c9fcd1a93925ceb258ebd2d0d4c852ec5cddd2b9

SHA256
7380586354a333986684f181d73f4eee951205ec4103f989daedb603b3e3fd96

SHA512
50343bdabef975745254b46fdefa55601dad099026543ae784ce44f15e6cfed2f7e9d0a2aadb615822f822bc68647443c232f89578bb98de9074bcb975f13734

Download Submit
C:\Users\Admin\AppData\Local\Temp\parent.txt

Filesize
469KB

MD5
39b62c66470ae30f22868abe94084ccd

SHA1
bf965beeff838f2437ab0aad63100cd700429764

SHA256
19b618b9909ae20b6dc14431ea6d56b3c16514606bb0b5296beac57d5d220d67

SHA512
6d24c12b46b81866f88bf83119b388e6afe554aae0c14cc4ebaab3d3005ae5f9010d0629dc45ef9ecf9228193657fa0f54b92a1580857298ec039ff80162e3b1

Download Submit
memory/4724-13-0x0000000001380000-0x0000000001388000-memory.dmp

Filesize
32KB

Download
memory/4724-14-0x00007FF8E45F0000-0x00007FF8E4F91000-memory.dmp

Filesize
9.6MB

Download
memory/4724-8-0x00000000015B0000-0x00000000015F4000-memory.dmp

Filesize
272KB

Download
memory/4724-9-0x000000001C050000-0x000000001C51E000-memory.dmp

Filesize
4.8MB

Download
memory/4724-10-0x000000001C5C0000-0x000000001C65C000-memory.dmp

Filesize
624KB

Download
memory/4724-6-0x00007FF8E45F0000-0x00007FF8E4F91000-memory.dmp

Filesize
9.6MB

Download
memory/4724-5-0x00007FF8E48A5000-0x00007FF8E48A6000-memory.dmp

Filesize
4KB

Download
memory/4724-7-0x00007FF8E45F0000-0x00007FF8E4F91000-memory.dmp

Filesize
9.6MB

Download
memory/4724-15-0x00007FF8E45F0000-0x00007FF8E4F91000-memory.dmp

Filesize
9.6MB

Download
memory/4724-16-0x00007FF8E45F0000-0x00007FF8E4F91000-memory.dmp

Filesize
9.6MB

Download
memory/4724-17-0x00007FF8E45F0000-0x00007FF8E4F91000-memory.dmp

Filesize
9.6MB

Download
memory/4724-18-0x000000001E7A0000-0x000000001E802000-memory.dmp

Filesize
392KB

Download
memory/4724-29-0x0000000021EB0000-0x0000000022656000-memory.dmp

Filesize
7.6MB

Download
memory/4724-30-0x00007FF8E45F0000-0x00007FF8E4F91000-memory.dmp

Filesize
9.6MB

Download
memory/4724-31-0x00007FF8E48A5000-0x00007FF8E48A6000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads