2336fa229bc1af0ae3abc08679456b77486c6ada81e4afd4e45ade3ec386ba8f

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2024 05:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b205c28732d3532708b24b071d351a44_JaffaCakes118.exe
Size

460KB
MD5

b205c28732d3532708b24b071d351a44
SHA1

b8795b7ab31178f9a8e025869dc002e76fe8d5a2
SHA256

2336fa229bc1af0ae3abc08679456b77486c6ada81e4afd4e45ade3ec386ba8f
SHA512

8c27e3c5777205dfd0177e3ddda36cf62ec4fb9593d935c0ea071417562e41fd80d59fbb915540a5b738b05d74a1fb46fda320923daf75a4ebdd52014882c2c2
SSDEEP

6144:Re1x8OvFt/056aMOQWmqjKYZaHZacAoIDpTuxX+kyaclsmO1oBdjkU+TEH0afBSJ:Qv/i6jOQlqLZa5VAAslsmOGZ91e

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1064	mcsmvzpebpmhc.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1064	mcsmvzpebpmhc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1064	mcsmvzpebpmhc.exe
1064	mcsmvzpebpmhc.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2620 wrote to memory of 1064	2620	b205c28732d3532708b24b071d351a44_JaffaCakes118.exe	84
PID 2620 wrote to memory of 1064	2620	b205c28732d3532708b24b071d351a44_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\b205c28732d3532708b24b071d351a44_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b205c28732d3532708b24b071d351a44_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2620
- C:\Users\Admin\AppData\Local\Temp\xytfhewdfokl\mcsmvzpebpmhc.exe
  "C:\Users\Admin\AppData\Local\Temp\xytfhewdfokl\mcsmvzpebpmhc.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:1064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\xytfhewdfokl\mcsmvzpebpmhc.exe

Filesize
7KB

MD5
47c835c22089e8995742f10696dad5e8

SHA1
f9921459382827b140098c000500f6f8b85c826d

SHA256
f551a071a9f277545deec029df075e90c622dbe33dd55c2f2c274173677058ea

SHA512
2bb6be1ef168f2e71697195b540c26e632a65d4c3d84676746fcc8dcaca3ac3714d949ecc71c5e73bd1444c5e23267d3a5be18b5183f7e93ea00d90affd4e07b

Download Submit
C:\Users\Admin\AppData\Local\Temp\xytfhewdfokl\parent.txt

Filesize
460KB

MD5
b205c28732d3532708b24b071d351a44

SHA1
b8795b7ab31178f9a8e025869dc002e76fe8d5a2

SHA256
2336fa229bc1af0ae3abc08679456b77486c6ada81e4afd4e45ade3ec386ba8f

SHA512
8c27e3c5777205dfd0177e3ddda36cf62ec4fb9593d935c0ea071417562e41fd80d59fbb915540a5b738b05d74a1fb46fda320923daf75a4ebdd52014882c2c2

Download Submit
memory/1064-12-0x00007FFF66F00000-0x00007FFF678A1000-memory.dmp

Filesize
9.6MB

Download
memory/1064-13-0x00007FFF66F00000-0x00007FFF678A1000-memory.dmp

Filesize
9.6MB

Download
memory/1064-8-0x000000001C060000-0x000000001C52E000-memory.dmp

Filesize
4.8MB

Download
memory/1064-9-0x00007FFF66F00000-0x00007FFF678A1000-memory.dmp

Filesize
9.6MB

Download
memory/1064-10-0x000000001C5D0000-0x000000001C66C000-memory.dmp

Filesize
624KB

Download
memory/1064-11-0x0000000001270000-0x0000000001278000-memory.dmp

Filesize
32KB

Download
memory/1064-6-0x00007FFF66F00000-0x00007FFF678A1000-memory.dmp

Filesize
9.6MB

Download
memory/1064-7-0x000000001BA40000-0x000000001BA84000-memory.dmp

Filesize
272KB

Download
memory/1064-14-0x00007FFF66F00000-0x00007FFF678A1000-memory.dmp

Filesize
9.6MB

Download
memory/1064-15-0x000000001FDA0000-0x000000001FE02000-memory.dmp

Filesize
392KB

Download
memory/1064-16-0x00007FFF671B5000-0x00007FFF671B6000-memory.dmp

Filesize
4KB

Download
memory/1064-17-0x00007FFF66F00000-0x00007FFF678A1000-memory.dmp

Filesize
9.6MB

Download
memory/1064-5-0x00007FFF671B5000-0x00007FFF671B6000-memory.dmp

Filesize
4KB

Download
memory/1064-20-0x00007FFF66F00000-0x00007FFF678A1000-memory.dmp

Filesize
9.6MB

Download
memory/1064-29-0x0000000022130000-0x00000000228D6000-memory.dmp

Filesize
7.6MB

Download
memory/1064-30-0x00007FFF66F00000-0x00007FFF678A1000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads