Analysis
- max time kernel: 134s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26/05/2024, 01:34
Behavioral task: behavioral1
- Sample: 73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
General
- Target: 73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe
- Size: 5.4MB
- MD5: 73ee6681043bed0a66e411cbfd6e84f5
- SHA1: 7e9912fa4ff9f9a4b86f37248031a9a66a3b62e7
- SHA256: bd69918ba5c2bde593638d10407c5bc3999a1da4ba11c27c7fe95b6264e27358
- SHA512: 6cef3be91e22065adb0c350bfc5377214ecf34a78870d364afa5bbef5d4efbb72531776ab930e71a4839d6f542f725c6a802b2ce32ed196cb69946a9249811ec
- SSDEEP: 98304:nAwmylt6yvi0Wcl3Ama62GYWpQgBR1P1sIb6VnzkDIJKobTi:R/6H0LaG/v51sO4ADIkMT
Malware Config
Signatures
-
Loads dropped DLL (9 IoCs)
  pid   Process
  3240  73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe
  (9 identical rows: every load is attributed to PID 3240; the report gives the loading process but not the DLL paths)
Modifies registry class (9 IoCs)
  description      ioc                                                                                          Process
  Set value (str)  \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\fcade\URL Protocol                73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\fcade\shell\open\                 73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\fcade\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe \"%1\""    73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe
  Key created      \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\fcade                             73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\fcade\ = "Fightcade"              73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe
  Key created      \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\fcade\shell                       73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\fcade\shell\                      73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe
  Key created      \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\fcade\shell\open                  73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe
  Key created      \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\fcade\shell\open\command          73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe
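Taken together, the nine registry IoCs above are one operation: the sample registers a custom URL scheme (fcade://, display name "Fightcade") under the current user's HKCU\Software\Classes hive, with shell\open\command pointing back at its own copy in %LOCALAPPDATA%\Temp and passing the full URL as "%1". The report itself draws no verdict from this, but a handler whose executable sits in a user-writable temp directory and receives attacker-chosen URL text is exactly what an analyst should pull out of such a list. The script below is an added example, not code from the report or from the Fightcade project: it re-types the nine rows as constructed input, rebuilds the handler registration, and applies those two checks. The row format it parses is the sandbox's rendering as shown on this page; the markers it treats as user-writable locations are an assumption of the example.

```python
"""Rebuild URL protocol handler registrations from sandbox registry IoCs.

Added example (not part of the sandbox report or of Fightcade's own code).
Input is the report's "Modifies registry class" rows, re-typed below; the
Process column is dropped because it is the same for every row.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed input: the nine rows from the report, one per line, exactly as
# the sandbox printed them (including trailing backslashes and \" sequences).
REGISTRY_IOCS = r"""
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\fcade\URL Protocol
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\fcade\shell\open\
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\fcade\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe \"%1\""
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\fcade
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\fcade\ = "Fightcade"
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\fcade\shell
Set value (str) \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\fcade\shell\
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\fcade\shell\open
Key created \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\fcade\shell\open\command
"""

# operation, hive prefix up to "<SID>_Classes\", path relative to Classes, optional data.
ROW_RE = re.compile(
    r'^(Key created|Set value \(str\)) (\\REGISTRY\\USER\\\S+?_Classes\\)(.*?)(?: = "(.*)")?$'
)

# Assumed list of path fragments an unprivileged user can write to.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")

# key path relative to Classes -> {value name ("" = Default) -> data or None if not shown}
KeyTree = Dict[str, Dict[str, Optional[str]]]


def unescape(data: str) -> str:
    """Undo the sandbox's C-style quoting of registry string data."""
    return data.replace('\\"', '"').replace("\\\\", "\\")


def parse_rows(text: str) -> KeyTree:
    keys: KeyTree = {}
    for line in text.strip().splitlines():
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised IoC row: {line!r}")
        op, _hive, rel, data = m.groups()
        if op == "Key created":
            keys.setdefault(rel, {})
            continue
        # A trailing backslash means the key's (Default) value; otherwise the
        # last path component is the value name.
        if rel.endswith("\\"):
            key, name = rel[:-1], ""
        else:
            key, _, name = rel.rpartition("\\")
        keys.setdefault(key, {})[name] = None if data is None else unescape(data)
    return keys


@dataclass
class ProtocolHandler:
    scheme: str
    display_name: Optional[str]
    command: Optional[str]


def find_url_protocol_handlers(keys: KeyTree) -> List[ProtocolHandler]:
    """A scheme is registered by a top-level Classes key that carries a
    "URL Protocol" value (its data is conventionally empty)."""
    handlers = []
    for key, values in keys.items():
        if "\\" in key or "URL Protocol" not in values:
            continue
        command_key = keys.get(f"{key}\\shell\\open\\command", {})
        handlers.append(ProtocolHandler(key, values.get(""), command_key.get("")))
    return handlers


def handler_executable(command: str) -> str:
    """Return the program a shell\\open\\command line launches."""
    command = command.strip()
    if command.startswith('"'):
        return command[1 : command.index('"', 1)]
    return command.split()[0]


def assess(handler: ProtocolHandler) -> List[str]:
    """Analyst checks: where does the handler live, and what does it receive?"""
    if handler.command is None:
        return ["scheme registered without a shell\\open\\command (inert)"]
    findings = []
    exe = handler_executable(handler.command)
    if any(marker in exe.lower() for marker in USER_WRITABLE_MARKERS):
        findings.append(f"handler executable is in a user-writable location: {exe}")
    if "%1" in handler.command:
        findings.append(
            f"the whole {handler.scheme}:// URL (%1) is handed to the executable, so any page "
            "that links to the scheme controls its argument once the browser's launch prompt is accepted"
        )
    return findings


if __name__ == "__main__":
    for h in find_url_protocol_handlers(parse_rows(REGISTRY_IOCS)):
        print(f"{h.scheme}:// ({h.display_name!r}) -> {h.command}")
        for finding in assess(h):
            print("  -", finding)
```

Run as-is it reports the single fcade:// handler with both findings. The same parser works on any tria.ge-style "Modifies registry class" list; the checks are generic to URL protocol handlers and say nothing about intent, which this report does not establish either way.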
Suspicious use of AdjustPrivilegeToken (1 IoC)
  description               pid   Process
  Token: SeDebugPrivilege   3240  73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process                                              procid_target
  PID 1988 wrote to memory of 3240   1988  73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe   82
  (3 identical rows: the parent instance, PID 1988, writes into its own child, PID 3240)
Processes
- C:\Users\Admin\AppData\Local\Temp\73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe"
  PID: 1988
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe (child of PID 1988)
    Command line: "C:\Users\Admin\AppData\Local\Temp\73ee6681043bed0a66e411cbfd6e84f5_JaffaCakes118.exe"
    PID: 3240
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 45KB
  MD5: 3986998b3753483f8b28c721fef6f8e4
  SHA1: 2ef3c0fac94c85276721ee2980f49b1bafef597d
  SHA256: cbc23d6c2e3e2950452c7d255da1452338301a4c9a0b09eba83287709d2a5000
  SHA512: 258e2805440b36e20702c1447597698ef18a5a7f890cfece55bd4f797073c87e7bde659db3e2474e9b998213d76e2c3d5221659c6827237e06b3b6f4b3643ae6
- Filesize: 1.4MB
  MD5: 9be53b53c1ec6b56663f45464edfcde9
  SHA1: f8f5dd5640d594a2b53f5bbd12893c11cf4b7d55
  SHA256: b572bf14ca3d3e5158b89314b6fe2129a753edaca1958e252784561f33f9ecda
  SHA512: a52727b54a03246b74460a2741324b371ccaa083a4f3123fd1175a3061d3b6707ddbaaa73b3e39435cffd8d3018ee2dee8bad6c58a17faa55b6d05a3b38ee78b
- Filesize: 2.5MB
  MD5: ceb92a7366bd07a460c98303385ef9c4
  SHA1: e91ef3e144ef17b6acc0c645caf0d4262b1f67dc
  SHA256: cdbb2b0eb55004276cfdf563ee7a0fbdb3cacbf8609334847bd13c1833bb31bc
  SHA512: 6b24b5143b2fb95af6cf567b6ead27bee3f2b1e35727861385199e7f23edc3675423961a2d9a0ffbb686f1d2fc148f246f4381b1b3af0eecd7e8747dedb8088d
- Filesize: 90KB
  MD5: 6daf8b55801a602f84d7d568a142459c
  SHA1: 57a80ca9621b282727d45caa5ae1c5e3c7e93f60
  SHA256: 66d0cb13569e9798b04c5d049cff25bd4c7c8e7ddd885b62f523d90a65d0ce88
  SHA512: abb1c17aea3edb46c096ca3d8cbf74c9dccad36a7b83be8cf30697760ad49f3bd3a38dc4ff1f0b715ad7996c3a23ea1c855fffd62af01d15935abc73378dcc2e
- Filesize: 1.1MB
  MD5: 55a29ec9721c509a5b20d1a037726cfa
  SHA1: eaba230581d7b46f316d6603ea15c1e3c9740d04
  SHA256: dbdcf9e8cba52043b5246ad0d234da8ba4d6534b326bbbb28a6a391edf6fa4ce
  SHA512: e1a2993d4dd5f2e81f299fe158ee6d1f8ef95983113c9bea9a087e42205ff06ac563762de5a0b70b535efe8cf9f980ffc14c1318aaf58de3644277e3602e0ab3
- Filesize: 69KB
  MD5: 813c016e2898c6a2c1825b586de0ae61
  SHA1: 7113efcccb6ab047cdfdb65ba4241980c88196f4
  SHA256: 693dfc5ccb8555a4183d4e196865ef0a766d7e53087c39059d096d03d6f64724
  SHA512: dbb4add301ea127669d5dac4226ce0f5d6e5b2e50773db5c8083a9045a3cba0fcf6ea253a1183a4c87752bd3c5eb84128103a6d8ade71a7e410831b826d323ad
- Filesize: 51KB
  MD5: a111ff7c807b19406da97c7df827a789
  SHA1: 2753625ca7112a4a785a594473d534892adb55f1
  SHA256: 8d178f3ff30f972f182056cc96faeff26b9bbaea0666ed7e13d3ec2c30765d92
  SHA512: fafdf88d9c0b363c047461bb9a6e44481b5c44ad868d59773805f73b4e4cb4488591e4421b48eb7cd18d9640fae03505cbb5ee78dbd8c61dcb6443ab51da6f0f
- Filesize: 10KB
  MD5: e6ecff0d1588fed3a61edc1a1a5eb9bb
  SHA1: 2a3913a69dbdda8aefbe1f290753435979791a37
  SHA256: 345969d43b33717415bd5796d5a7b266592dc79a96543714828ff8fc1f249d18
  SHA512: f59b356833840126f31f70ddb0e7f661db8528d82aa9450e299b81fe5adda35d44f3bceb52fb27e6843cf497211470f439a232c73245f8c606b31cb13322cd6f
- Filesize: 671KB
  MD5: a46e180e03ab5c2d802b8e6214067500
  SHA1: 5de5efbce2e6e81b6b954b843090b387b7ba927e
  SHA256: 689e5061cefda6223477a6a05906a500d59bd1b2a7458730b8d43c9d3b43bdba
  SHA512: 68bd7ae714fb4f117eb53a0fb968083772aaeaa6428ae8510e5c109361b140c98415a1955fca49db3e9e1b6ae19909e9c50110f499306476d01141c479c16335