ad64cb00c465423eb5d1efbad539fbcba72c05733fd20988512b15885f820c6e

Analysis

max time kernel
142s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 12:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6af096a6db29ca10f74662d9a8f37152_JaffaCakes118.exe
Size

457KB
MD5

6af096a6db29ca10f74662d9a8f37152
SHA1

f1df2141d3b32ad6eaf174fbea7188bbbbe9c9c6
SHA256

ad64cb00c465423eb5d1efbad539fbcba72c05733fd20988512b15885f820c6e
SHA512

d2fc0103b7e8274bc01a4aeaf04ecd74d27ad3c01609fd0e1bc6453917303722017aa7b7408948b28430b0248986504b2d12f7a9a2d053cd5c1bab1c2a09fce3
SSDEEP

6144:OHFn/5EIFfwnb4ylKxh5Vn5TKLjgp8cAe4WDc46wCWFGmxllgMeN+anWl95YNS:yFfGb41xtn5ufgpLA46w5NlS3Wl9sS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2892	adgwsukbgauoppf.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2892	adgwsukbgauoppf.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2892	adgwsukbgauoppf.exe
2892	adgwsukbgauoppf.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 212 wrote to memory of 2892	212	6af096a6db29ca10f74662d9a8f37152_JaffaCakes118.exe	83
PID 212 wrote to memory of 2892	212	6af096a6db29ca10f74662d9a8f37152_JaffaCakes118.exe	83

C:\Users\Admin\AppData\Local\Temp\6af096a6db29ca10f74662d9a8f37152_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6af096a6db29ca10f74662d9a8f37152_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:212
- C:\Users\Admin\AppData\Local\Temp\adgwsukbgauoppf.exe
  "C:\Users\Admin\AppData\Local\Temp\\adgwsukbgauoppf.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\adgwsukbgauoppf.exe

Filesize
6KB

MD5
aac5ed13dc19a296da596b37f09809b9

SHA1
9f93e6281386df5ae0525d9d3036cb4a74df4ac4

SHA256
6522244da8cb88bbf07ef2c7bdd81a62daf6e24df39d3c331a31b00d8954790e

SHA512
11e9b499670c97f0e2ab4a0d6ff6952e697d67d43c91ec84be7c817c74dc450ac98ad20cdcfbf2028de97aa69ce13de56a15481b6402b9c9d9dc158a8256ece4

Download Submit
C:\Users\Admin\AppData\Local\Temp\parent.txt

Filesize
457KB

MD5
6af096a6db29ca10f74662d9a8f37152

SHA1
f1df2141d3b32ad6eaf174fbea7188bbbbe9c9c6

SHA256
ad64cb00c465423eb5d1efbad539fbcba72c05733fd20988512b15885f820c6e

SHA512
d2fc0103b7e8274bc01a4aeaf04ecd74d27ad3c01609fd0e1bc6453917303722017aa7b7408948b28430b0248986504b2d12f7a9a2d053cd5c1bab1c2a09fce3

Download Submit
memory/2892-13-0x000000001AF20000-0x000000001AF28000-memory.dmp

Filesize
32KB

Download
memory/2892-14-0x00007FFB0A9B0000-0x00007FFB0B351000-memory.dmp

Filesize
9.6MB

Download
memory/2892-8-0x000000001B460000-0x000000001B92E000-memory.dmp

Filesize
4.8MB

Download
memory/2892-10-0x000000001B9D0000-0x000000001BA6C000-memory.dmp

Filesize
624KB

Download
memory/2892-9-0x00007FFB0A9B0000-0x00007FFB0B351000-memory.dmp

Filesize
9.6MB

Download
memory/2892-6-0x00007FFB0A9B0000-0x00007FFB0B351000-memory.dmp

Filesize
9.6MB

Download
memory/2892-5-0x00007FFB0AC65000-0x00007FFB0AC66000-memory.dmp

Filesize
4KB

Download
memory/2892-7-0x000000001AF50000-0x000000001AF94000-memory.dmp

Filesize
272KB

Download
memory/2892-15-0x00007FFB0A9B0000-0x00007FFB0B351000-memory.dmp

Filesize
9.6MB

Download
memory/2892-16-0x000000001F150000-0x000000001F1B2000-memory.dmp

Filesize
392KB

Download
memory/2892-19-0x00007FFB0A9B0000-0x00007FFB0B351000-memory.dmp

Filesize
9.6MB

Download
memory/2892-28-0x0000000021690000-0x0000000021E36000-memory.dmp

Filesize
7.6MB

Download
memory/2892-29-0x000000001FD20000-0x00000000201D7000-memory.dmp

Filesize
4.7MB

Download
memory/2892-30-0x00007FFB0AC65000-0x00007FFB0AC66000-memory.dmp

Filesize
4KB

Download
memory/2892-31-0x00007FFB0A9B0000-0x00007FFB0B351000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads