789c9a6b4e096b97f8f909760c5db4627a80794e8eb6d23ddcc47f6a57cbf8bb

Analysis

max time kernel
145s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06-06-2024 06:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
Size

569KB
MD5

9a2a33ed7a8a3c14a906f6b70548984d
SHA1

cbf5e4f13df46a01a830b4c2c66fabc2a0465162
SHA256

789c9a6b4e096b97f8f909760c5db4627a80794e8eb6d23ddcc47f6a57cbf8bb
SHA512

cff5dbde248555b239b5d8e0826568755802882c621cb82b193e9b7ff868b76494b6d96c074b8f11ae5059203684ab585fedb85fdaff713e27d9c3c17e49007e
SSDEEP

12288:n3mJDYL0H7sq69S8fXANjI+o3+4TWcqUd52PXj58yYcvhGALrAXsO:3mhh7D58fXKI+oO8N2PXjuqBO

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 54 IoCs

pid	Process
2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe
2040	wabmig.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2040	2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe	28
PID 2236 wrote to memory of 2040	2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe	28
PID 2236 wrote to memory of 2040	2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe	28
PID 2236 wrote to memory of 2040	2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe	28
PID 2236 wrote to memory of 2040	2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe	28
PID 2236 wrote to memory of 2040	2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe	28
PID 2236 wrote to memory of 2040	2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe	28
PID 2236 wrote to memory of 2040	2236	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Program Files (x86)\Windows Mail\wabmig.exe
  -ih
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\rt\jzrdzt.cqb

Filesize
2KB

MD5
1ce2a4f24303a006cd7d3f0feb07597e

SHA1
dd84e99e192f116334fb64cbf16e8abd55922dbb

SHA256
ea197f191b82708265567c85751dfb4b628688b8d22e86268c5fb49c0f01618b

SHA512
a0fc329447719095c836466d5fc4c1a3bbdb89400211a851622f8bdb3514615e0487d76d59cce9852f669caae7af7d9baa45aebe4e765e327d0464f7bb5ddcec

Download Submit
C:\ProgramData\rt\xtfrp.wep

Filesize
574KB

MD5
ed7789a20c442641159538fbd28e37e2

SHA1
38f1b022c7e032830bd77edea5cf3bf4f26f6d23

SHA256
5e0ef1bf69bdd326043ea8cf01e66476cf27c1c689cc00615079e3537ec52866

SHA512
3f08bda3c91d38f14c85318d4ad8a5308dbbe28bab1a41341d9ed810d2d42149849a1e06d56d31db102e088c4427a2dbddef9d9413abd6305ba799129fb3844d

Download Submit
memory/2040-20-0x00000000002A0000-0x00000000002E0000-memory.dmp

Filesize
256KB

Download
memory/2040-16-0x00000000002A0000-0x00000000002E0000-memory.dmp

Filesize
256KB

Download
memory/2040-13-0x00000000002A0000-0x00000000002E0000-memory.dmp

Filesize
256KB

Download
memory/2040-12-0x00000000002A0000-0x00000000002E0000-memory.dmp

Filesize
256KB

Download
memory/2040-7-0x00000000002A0000-0x00000000002E0000-memory.dmp

Filesize
256KB

Download
memory/2040-9-0x00000000002A0000-0x00000000002E0000-memory.dmp

Filesize
256KB

Download
memory/2040-11-0x00000000002A0000-0x00000000002E0000-memory.dmp

Filesize
256KB

Download
memory/2040-10-0x00000000002A0000-0x00000000002E0000-memory.dmp

Filesize
256KB

Download
memory/2040-25-0x00000000002A0000-0x00000000002E0000-memory.dmp

Filesize
256KB

Download
memory/2040-8-0x00000000002A0000-0x00000000002E0000-memory.dmp

Filesize
256KB

Download
memory/2040-6-0x00000000002A0000-0x00000000002E0000-memory.dmp

Filesize
256KB

Download
memory/2040-18-0x00000000002A0000-0x00000000002E0000-memory.dmp

Filesize
256KB

Download
memory/2040-19-0x00000000002A0000-0x00000000002E0000-memory.dmp

Filesize
256KB

Download
memory/2040-24-0x00000000002A0000-0x00000000002E0000-memory.dmp

Filesize
256KB

Download
memory/2040-21-0x00000000002A0000-0x00000000002E0000-memory.dmp

Filesize
256KB

Download
memory/2040-22-0x00000000002A0000-0x00000000002E0000-memory.dmp

Filesize
256KB

Download
memory/2040-23-0x00000000002A0000-0x00000000002E0000-memory.dmp

Filesize
256KB

Download
memory/2236-0-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2236-15-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download