918f96a3b2ed872896e6c8aa15a04cbb1c575976540ac2a825b8a0c019c77352

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26/06/2024, 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
Size

171KB
MD5

102e5896e445a7752635627f99b6130f
SHA1

e9cb4aeb29f9cdba4dca3cfcd42b2a679000961d
SHA256

918f96a3b2ed872896e6c8aa15a04cbb1c575976540ac2a825b8a0c019c77352
SHA512

118e581ef73d9c2cdb62c0b5c5d20de761b85c9e25f2d0590f1448b9be99b381ffa65035559f490e4fd063b6756b3acfb06a955fc2ed67587f613c1f70d77a81
SSDEEP

1536:KSYi8kWTUh6RpRNEbKQodcktbbHS9ax3MA4urPCpg0HccFBc73zOCJxFLNVS5vl:JYDkWQ0Hw1CIGD91C

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2256 set thread context of 2164	2256	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	29
PID 2164 set thread context of 2600	2164	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	34

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2256	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
Token: SeDebugPrivilege	2164	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
Token: SeDebugPrivilege	2600	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 51 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2416	2256	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	28
PID 2256 wrote to memory of 2416	2256	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	28
PID 2256 wrote to memory of 2416	2256	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	28
PID 2256 wrote to memory of 2164	2256	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	29
PID 2256 wrote to memory of 2164	2256	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	29
PID 2256 wrote to memory of 2164	2256	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	29
PID 2256 wrote to memory of 2164	2256	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	29
PID 2256 wrote to memory of 2164	2256	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	29
PID 2256 wrote to memory of 2164	2256	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	29
PID 2256 wrote to memory of 1932	2256	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	30
PID 2256 wrote to memory of 1932	2256	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	30
PID 2256 wrote to memory of 1932	2256	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	30
PID 2256 wrote to memory of 2252	2256	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	31
PID 2256 wrote to memory of 2252	2256	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	31
PID 2256 wrote to memory of 2252	2256	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	31
PID 2256 wrote to memory of 2916	2256	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	32
PID 2256 wrote to memory of 2916	2256	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	32
PID 2256 wrote to memory of 2916	2256	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	32
PID 2164 wrote to memory of 2368	2164	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	33
PID 2164 wrote to memory of 2368	2164	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	33
PID 2164 wrote to memory of 2368	2164	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	33
PID 2164 wrote to memory of 2600	2164	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	34
PID 2164 wrote to memory of 2600	2164	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	34
PID 2164 wrote to memory of 2600	2164	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	34
PID 2164 wrote to memory of 2600	2164	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	34
PID 2164 wrote to memory of 2600	2164	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	34
PID 2164 wrote to memory of 2600	2164	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	34
PID 2164 wrote to memory of 2700	2164	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	35
PID 2164 wrote to memory of 2700	2164	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	35
PID 2164 wrote to memory of 2700	2164	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	35
PID 2164 wrote to memory of 2704	2164	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	36
PID 2164 wrote to memory of 2704	2164	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	36
PID 2164 wrote to memory of 2704	2164	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	36
PID 2164 wrote to memory of 2732	2164	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	37
PID 2164 wrote to memory of 2732	2164	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	37
PID 2164 wrote to memory of 2732	2164	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	37
PID 2600 wrote to memory of 2624	2600	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	38
PID 2600 wrote to memory of 2624	2600	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	38
PID 2600 wrote to memory of 2624	2600	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	38
PID 2600 wrote to memory of 2628	2600	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	39
PID 2600 wrote to memory of 2628	2600	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	39
PID 2600 wrote to memory of 2628	2600	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	39
PID 2600 wrote to memory of 2056	2600	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	40
PID 2600 wrote to memory of 2056	2600	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	40
PID 2600 wrote to memory of 2056	2600	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	40
PID 2600 wrote to memory of 2612	2600	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	41
PID 2600 wrote to memory of 2612	2600	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	41
PID 2600 wrote to memory of 2612	2600	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	41
PID 2600 wrote to memory of 2928	2600	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	42
PID 2600 wrote to memory of 2928	2600	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	42
PID 2600 wrote to memory of 2928	2600	102e5896e445a7752635627f99b6130f_JaffaCakes118.exe	42

C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
  2⤵
  PID:2416
- C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2164
- - C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
    C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
    3⤵
    PID:2368
- - C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
    C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
      4⤵
      PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
      4⤵
      PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
      4⤵
      PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
      4⤵
      PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
      4⤵
      PID:2928
- - C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
    C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
    3⤵
    PID:2700
- - C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
    C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
    3⤵
    PID:2704
- - C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
    C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
    3⤵
    PID:2732
- C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
  2⤵
  PID:1932
- C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
  2⤵
  PID:2252
- C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\102e5896e445a7752635627f99b6130f_JaffaCakes118.exe
  2⤵
  PID:2916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2164-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2164-5-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2164-1-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2164-14-0x000007FEF5940000-0x000007FEF62DD000-memory.dmp

Filesize
9.6MB

Download
memory/2164-16-0x000007FEF5940000-0x000007FEF62DD000-memory.dmp

Filesize
9.6MB

Download
memory/2256-0-0x000007FEF5BFE000-0x000007FEF5BFF000-memory.dmp

Filesize
4KB

Download
memory/2256-13-0x000007FEF5940000-0x000007FEF62DD000-memory.dmp

Filesize
9.6MB

Download
memory/2600-15-0x000007FEF5940000-0x000007FEF62DD000-memory.dmp

Filesize
9.6MB

Download
memory/2600-17-0x000007FEF5940000-0x000007FEF62DD000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads