20481d1b88aa543d4011d497514cca88b6b4757a33bb950dde06c0436fb75cce

General

Target

80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe
Size

449KB
MD5

80dbb95b241157e43f898af46a203ee6
SHA1

9ca947e6ca47918a197ca36bc7e855a9f59c305a
SHA256

20481d1b88aa543d4011d497514cca88b6b4757a33bb950dde06c0436fb75cce
SHA512

84b9884653b2a9fe427dda3f9d6de4a957de49534eed37aa4845dade71e479d185b2c3d796030e6997544823471c0d1cdea704f835ee7904c54658f460afe515
SSDEEP

12288:xoL4EnU4T/vjL27xkuhG/4VAp1mcVYAmVLc08jIWYuTnuvUhGij7Wla7:xwnU4TDL27xLhG/eAicVYPlcDInuTuvy

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2872	80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2728	2872	80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe	28
PID 2872 wrote to memory of 2728	2872	80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe	28
PID 2872 wrote to memory of 2728	2872	80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe	28
PID 2872 wrote to memory of 2728	2872	80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe	28
PID 2872 wrote to memory of 2728	2872	80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe	28
PID 2872 wrote to memory of 2728	2872	80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe	28
PID 2872 wrote to memory of 2728	2872	80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe	28
PID 2872 wrote to memory of 2728	2872	80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe	28
PID 2872 wrote to memory of 2728	2872	80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe	28
PID 2872 wrote to memory of 2728	2872	80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe	28
PID 2872 wrote to memory of 2728	2872	80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe	28
PID 2872 wrote to memory of 2728	2872	80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe	28
PID 2872 wrote to memory of 2728	2872	80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Users\Admin\AppData\Local\Temp\80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\80dbb95b241157e43f898af46a203ee6_JaffaCakes118.exe
  2⤵
  PID:2728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2872-0-0x0000000074671000-0x0000000074672000-memory.dmp

Filesize
4KB

Download
memory/2872-1-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/2872-2-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/2872-3-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/2872-5-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/2872-4-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/2872-7-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-6-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-9-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-11-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-15-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-13-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-31-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-17-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-43-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-41-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-39-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-47-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-37-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-19-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-21-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-23-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-51-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-52-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/2872-49-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-45-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-35-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-34-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-29-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-27-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download
memory/2872-53-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/2872-25-0x00000000023B0000-0x000000000242B000-memory.dmp

Filesize
492KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads