9f37368af806a281eaa3ad05de8239d2b4d0191c3eae39465164f1239542d8b5

Analysis

max time kernel
148s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6584b8af3b7e22a5add553eefa016719_JaffaCakes118.exe
Size

460KB
MD5

6584b8af3b7e22a5add553eefa016719
SHA1

a696dc75699083ecaad2a36f137cf4bc23a8e4de
SHA256

9f37368af806a281eaa3ad05de8239d2b4d0191c3eae39465164f1239542d8b5
SHA512

496ecaa2d945b093ad0b5ac087f3313f972bf69f76b93a81a31ae90fa79eaa6b904f1992aa2ca0e56066e1cf46d296b2e5f97a894b531af9510cef5c85b12168
SSDEEP

6144:6Pgm1w+oJ1dlGpz42w+mBSiNX+bVlzdLQjMyyFu/3LiwoRVVdnDd965AyYt:/F1zG4Gi+7dLGxmI2RVVFDd968

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

urimdpsxukbcti.exe

pid process

1876 urimdpsxukbcti.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

urimdpsxukbcti.exe

description pid process

Token: SeDebugPrivilege 1876 urimdpsxukbcti.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

urimdpsxukbcti.exe

pid process

1876 urimdpsxukbcti.exe
1876 urimdpsxukbcti.exe

pid	process
1876	urimdpsxukbcti.exe

description	pid	process
Token: SeDebugPrivilege	1876	urimdpsxukbcti.exe

pid	process
1876	urimdpsxukbcti.exe
1876	urimdpsxukbcti.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

6584b8af3b7e22a5add553eefa016719_JaffaCakes118.exe

description	pid	process	target process
PID 4480 wrote to memory of 1876	4480	6584b8af3b7e22a5add553eefa016719_JaffaCakes118.exe	urimdpsxukbcti.exe
PID 4480 wrote to memory of 1876	4480	6584b8af3b7e22a5add553eefa016719_JaffaCakes118.exe	urimdpsxukbcti.exe

C:\Users\Admin\AppData\Local\Temp\6584b8af3b7e22a5add553eefa016719_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6584b8af3b7e22a5add553eefa016719_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4480

C:\Users\Admin\AppData\Local\Temp\pgbxyarggttyhb\urimdpsxukbcti.exe
"C:\Users\Admin\AppData\Local\Temp\pgbxyarggttyhb\urimdpsxukbcti.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1340 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:1612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\pgbxyarggttyhb\parent.txt

Filesize
460KB

MD5
6584b8af3b7e22a5add553eefa016719

SHA1
a696dc75699083ecaad2a36f137cf4bc23a8e4de

SHA256
9f37368af806a281eaa3ad05de8239d2b4d0191c3eae39465164f1239542d8b5

SHA512
496ecaa2d945b093ad0b5ac087f3313f972bf69f76b93a81a31ae90fa79eaa6b904f1992aa2ca0e56066e1cf46d296b2e5f97a894b531af9510cef5c85b12168

Download Submit
C:\Users\Admin\AppData\Local\Temp\pgbxyarggttyhb\urimdpsxukbcti.exe

Filesize
7KB

MD5
22ebd7048e5f906437e0445d9e32b6c2

SHA1
eabb5c1b6eb7775e74286e90746a6d7ca0137d8d

SHA256
0842938f12e0cea2ffd876308d46a5dc05967c2c9bfccb3e6eb413fa38b566c4

SHA512
65e6d164b0321be5cc0936751efa63f950b0bf138bd35570b98c7fb13971bc1e4a376e9d437840abd522cc66b3c25ffd5d1c1df60b04afc320f6fa1455db3e5f

Download Submit
memory/1876-19-0x00007FFA05FC0000-0x00007FFA06961000-memory.dmp

Filesize
9.6MB

Download
memory/1876-40-0x000000001FCB0000-0x0000000021327000-memory.dmp

Filesize
22.5MB

Download
memory/1876-8-0x000000001B740000-0x000000001B784000-memory.dmp

Filesize
272KB

Download
memory/1876-9-0x000000001BC50000-0x000000001C11E000-memory.dmp

Filesize
4.8MB

Download
memory/1876-10-0x000000001C1C0000-0x000000001C25C000-memory.dmp

Filesize
624KB

Download
memory/1876-11-0x0000000000E70000-0x0000000000E78000-memory.dmp

Filesize
32KB

Download
memory/1876-12-0x00007FFA05FC0000-0x00007FFA06961000-memory.dmp

Filesize
9.6MB

Download
memory/1876-13-0x00007FFA05FC0000-0x00007FFA06961000-memory.dmp

Filesize
9.6MB

Download
memory/1876-14-0x00007FFA05FC0000-0x00007FFA06961000-memory.dmp

Filesize
9.6MB

Download
memory/1876-15-0x000000001F940000-0x000000001F9A2000-memory.dmp

Filesize
392KB

Download
memory/1876-6-0x00007FFA05FC0000-0x00007FFA06961000-memory.dmp

Filesize
9.6MB

Download
memory/1876-18-0x00007FFA06275000-0x00007FFA06276000-memory.dmp

Filesize
4KB

Download
memory/1876-42-0x000000001FCB0000-0x0000000021327000-memory.dmp

Filesize
22.5MB

Download
memory/1876-7-0x00007FFA05FC0000-0x00007FFA06961000-memory.dmp

Filesize
9.6MB

Download
memory/1876-33-0x000000001FCB0000-0x0000000021327000-memory.dmp

Filesize
22.5MB

Download
memory/1876-30-0x000000001FCB0000-0x0000000021327000-memory.dmp

Filesize
22.5MB

Download
memory/1876-32-0x00007FFA05FC0000-0x00007FFA06961000-memory.dmp

Filesize
9.6MB

Download
memory/1876-31-0x000000001FCB0000-0x0000000021327000-memory.dmp

Filesize
22.5MB

Download
memory/1876-21-0x00007FFA05FC0000-0x00007FFA06961000-memory.dmp

Filesize
9.6MB

Download
memory/1876-34-0x000000001FCB0000-0x0000000021327000-memory.dmp

Filesize
22.5MB

Download
memory/1876-35-0x000000001FCB0000-0x0000000021327000-memory.dmp

Filesize
22.5MB

Download
memory/1876-36-0x000000001FCB0000-0x0000000021327000-memory.dmp

Filesize
22.5MB

Download
memory/1876-37-0x000000001FCB0000-0x0000000021327000-memory.dmp

Filesize
22.5MB

Download
memory/1876-38-0x000000001FCB0000-0x0000000021327000-memory.dmp

Filesize
22.5MB

Download
memory/1876-39-0x000000001FCB0000-0x0000000021327000-memory.dmp

Filesize
22.5MB

Download
memory/1876-20-0x00007FFA05FC0000-0x00007FFA06961000-memory.dmp

Filesize
9.6MB

Download
memory/1876-41-0x000000001FCB0000-0x0000000021327000-memory.dmp

Filesize
22.5MB

Download
memory/1876-5-0x00007FFA06275000-0x00007FFA06276000-memory.dmp

Filesize
4KB

Download