789c9a6b4e096b97f8f909760c5db4627a80794e8eb6d23ddcc47f6a57cbf8bb

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 06:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
Size

569KB
MD5

9a2a33ed7a8a3c14a906f6b70548984d
SHA1

cbf5e4f13df46a01a830b4c2c66fabc2a0465162
SHA256

789c9a6b4e096b97f8f909760c5db4627a80794e8eb6d23ddcc47f6a57cbf8bb
SHA512

cff5dbde248555b239b5d8e0826568755802882c621cb82b193e9b7ff868b76494b6d96c074b8f11ae5059203684ab585fedb85fdaff713e27d9c3c17e49007e
SSDEEP

12288:n3mJDYL0H7sq69S8fXANjI+o3+4TWcqUd52PXj58yYcvhGALrAXsO:3mhh7D58fXKI+oO8N2PXjuqBO

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 54 IoCs

pid	Process
4332	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
4332	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
4332	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
4332	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
4332	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
4332	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
4332	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
4332	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
4332	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
4332	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
4332	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
4332	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe
996	wabmig.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4332	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 4332 wrote to memory of 996	4332	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe	83
PID 4332 wrote to memory of 996	4332	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe	83
PID 4332 wrote to memory of 996	4332	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe	83
PID 4332 wrote to memory of 996	4332	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe	83
PID 4332 wrote to memory of 996	4332	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe	83
PID 4332 wrote to memory of 996	4332	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe	83
PID 4332 wrote to memory of 996	4332	9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe	83

C:\Users\Admin\AppData\Local\Temp\9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9a2a33ed7a8a3c14a906f6b70548984d_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4332
- C:\Program Files (x86)\Windows Mail\wabmig.exe
  -bf
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\xcp\xenaqq.znw

Filesize
5KB

MD5
cb37e6372576942f799923288735279c

SHA1
cc6d5e6de4cb19a16a8419421068b47476078988

SHA256
1bdf62629c6898f306b99309c2b243856476e667c7db0d4fcc3f76e743380753

SHA512
b6c4ff284bf66664fe86dd6cd43d2f13114b30a2e54a49cfb3131818b456f1b80ed8a11e52e91dc1ab026d1bd12c259378fe93cab2687ce797a680f8af795e65

Download Submit
C:\ProgramData\xcp\zmkjd.kcb

Filesize
569KB

MD5
a7b013d21d288f3ace957755bd4029a0

SHA1
98dbfc2e1b4936233cee2767b725954833aeedbc

SHA256
d95e75af72c8e08bac5cc9f8565f4d5526e3913361433a0f2a6a093a18fb7617

SHA512
2018fb770657af665bc37517ceb8536332ce2fd786af5449bcf479f65eb576d1d62c317318b89333c114968036ac89c00c2b707e3fd9fbca1a64056c775b9c8c

Download Submit
memory/996-18-0x00000000027D0000-0x000000000280F000-memory.dmp

Filesize
252KB

Download
memory/996-16-0x00000000027D0000-0x000000000280F000-memory.dmp

Filesize
252KB

Download
memory/996-8-0x00000000027D0000-0x000000000280F000-memory.dmp

Filesize
252KB

Download
memory/996-13-0x00000000027D0000-0x000000000280F000-memory.dmp

Filesize
252KB

Download
memory/996-12-0x00000000027D0000-0x000000000280F000-memory.dmp

Filesize
252KB

Download
memory/996-10-0x00000000027D0000-0x000000000280F000-memory.dmp

Filesize
252KB

Download
memory/996-7-0x00000000027D0000-0x000000000280F000-memory.dmp

Filesize
252KB

Download
memory/996-11-0x00000000027D0000-0x000000000280F000-memory.dmp

Filesize
252KB

Download
memory/996-25-0x00000000027D0000-0x000000000280F000-memory.dmp

Filesize
252KB

Download
memory/996-9-0x00000000027D0000-0x000000000280F000-memory.dmp

Filesize
252KB

Download
memory/996-6-0x00000000027D0000-0x000000000280F000-memory.dmp

Filesize
252KB

Download
memory/996-19-0x00000000027D0000-0x000000000280F000-memory.dmp

Filesize
252KB

Download
memory/996-21-0x00000000027D0000-0x000000000280F000-memory.dmp

Filesize
252KB

Download
memory/996-24-0x00000000027D0000-0x000000000280F000-memory.dmp

Filesize
252KB

Download
memory/996-20-0x00000000027D0000-0x000000000280F000-memory.dmp

Filesize
252KB

Download
memory/996-22-0x00000000027D0000-0x000000000280F000-memory.dmp

Filesize
252KB

Download
memory/996-23-0x00000000027D0000-0x000000000280F000-memory.dmp

Filesize
252KB

Download
memory/4332-0-0x00000000003E0000-0x0000000000471000-memory.dmp

Filesize
580KB

Download
memory/4332-15-0x00000000003E0000-0x0000000000471000-memory.dmp

Filesize
580KB

Download