34a1e46a598571d1b39c9153ad122fe5287f7360655742e8f5731e96dd22d852

Analysis

max time kernel
130s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 21:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68bf82acbe96ec09403a2451cfba743c_JaffaCakes118.exe
Size

460KB
MD5

68bf82acbe96ec09403a2451cfba743c
SHA1

0f3ab32f41d75c5206bd926e35ef63657d771416
SHA256

34a1e46a598571d1b39c9153ad122fe5287f7360655742e8f5731e96dd22d852
SHA512

41bd3f871dbc65b45f531affb0de7ee53ba3afbed720b367eb28cb12e5836db620cd2652e21b2eb7ceb7b6bdbcf81ae23714b1ac73b391e39566328a440c7916
SSDEEP

6144:Me1x8OvFt/056aMOQWmqjKYZaHZacAoIDpTuxX+kyaclsmO1oBdjkU+TEH0afBtI:tv/i6jOQlqLZa5VAAslsmOGZ9C

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

mcsmvzpebpmhc.exe

pid process

2928 mcsmvzpebpmhc.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

mcsmvzpebpmhc.exe

description pid process

Token: SeDebugPrivilege 2928 mcsmvzpebpmhc.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

mcsmvzpebpmhc.exe

pid process

2928 mcsmvzpebpmhc.exe
2928 mcsmvzpebpmhc.exe

pid	process
2928	mcsmvzpebpmhc.exe

description	pid	process
Token: SeDebugPrivilege	2928	mcsmvzpebpmhc.exe

pid	process
2928	mcsmvzpebpmhc.exe
2928	mcsmvzpebpmhc.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

68bf82acbe96ec09403a2451cfba743c_JaffaCakes118.exe

description	pid	process	target process
PID 3588 wrote to memory of 2928	3588	68bf82acbe96ec09403a2451cfba743c_JaffaCakes118.exe	mcsmvzpebpmhc.exe
PID 3588 wrote to memory of 2928	3588	68bf82acbe96ec09403a2451cfba743c_JaffaCakes118.exe	mcsmvzpebpmhc.exe

C:\Users\Admin\AppData\Local\Temp\68bf82acbe96ec09403a2451cfba743c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\68bf82acbe96ec09403a2451cfba743c_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3588
- C:\Users\Admin\AppData\Local\Temp\xytfhewdfokl\mcsmvzpebpmhc.exe
  "C:\Users\Admin\AppData\Local\Temp\xytfhewdfokl\mcsmvzpebpmhc.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\xytfhewdfokl\mcsmvzpebpmhc.exe

Filesize
7KB

MD5
47c835c22089e8995742f10696dad5e8

SHA1
f9921459382827b140098c000500f6f8b85c826d

SHA256
f551a071a9f277545deec029df075e90c622dbe33dd55c2f2c274173677058ea

SHA512
2bb6be1ef168f2e71697195b540c26e632a65d4c3d84676746fcc8dcaca3ac3714d949ecc71c5e73bd1444c5e23267d3a5be18b5183f7e93ea00d90affd4e07b

Download Submit
C:\Users\Admin\AppData\Local\Temp\xytfhewdfokl\parent.txt

Filesize
460KB

MD5
68bf82acbe96ec09403a2451cfba743c

SHA1
0f3ab32f41d75c5206bd926e35ef63657d771416

SHA256
34a1e46a598571d1b39c9153ad122fe5287f7360655742e8f5731e96dd22d852

SHA512
41bd3f871dbc65b45f531affb0de7ee53ba3afbed720b367eb28cb12e5836db620cd2652e21b2eb7ceb7b6bdbcf81ae23714b1ac73b391e39566328a440c7916

Download Submit
memory/2928-12-0x00007FFA038B0000-0x00007FFA04251000-memory.dmp

Filesize
9.6MB

Download
memory/2928-13-0x00007FFA038B0000-0x00007FFA04251000-memory.dmp

Filesize
9.6MB

Download
memory/2928-9-0x00007FFA038B0000-0x00007FFA04251000-memory.dmp

Filesize
9.6MB

Download
memory/2928-8-0x000000001C190000-0x000000001C65E000-memory.dmp

Filesize
4.8MB

Download
memory/2928-10-0x000000001C700000-0x000000001C79C000-memory.dmp

Filesize
624KB

Download
memory/2928-11-0x00000000014A0000-0x00000000014A8000-memory.dmp

Filesize
32KB

Download
memory/2928-6-0x00007FFA038B0000-0x00007FFA04251000-memory.dmp

Filesize
9.6MB

Download
memory/2928-7-0x000000001BC80000-0x000000001BCC4000-memory.dmp

Filesize
272KB

Download
memory/2928-14-0x000000001FDF0000-0x000000001FE52000-memory.dmp

Filesize
392KB

Download
memory/2928-5-0x00007FFA03B65000-0x00007FFA03B66000-memory.dmp

Filesize
4KB

Download
memory/2928-17-0x00007FFA038B0000-0x00007FFA04251000-memory.dmp

Filesize
9.6MB

Download
memory/2928-26-0x0000000021EE0000-0x0000000022686000-memory.dmp

Filesize
7.6MB

Download
memory/2928-27-0x00007FFA038B0000-0x00007FFA04251000-memory.dmp

Filesize
9.6MB

Download
memory/2928-28-0x00007FFA03B65000-0x00007FFA03B66000-memory.dmp

Filesize
4KB

Download