Analysis
max time kernel: 150s
max time network: 119s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 27-06-2024 18:31
Behavioral task: behavioral1
Sample: 170ff441c07ed2da039aaee890a71020_JaffaCakes118.exe
Resource: win7-20240220-en
5 signatures, 150 seconds
General
Target: 170ff441c07ed2da039aaee890a71020_JaffaCakes118.exe
Size: 646KB
MD5: 170ff441c07ed2da039aaee890a71020
SHA1: 1a2faec4551e7ad3bcaa619932d149a1fc1b2e2b
SHA256: 918b3f5a2c52068990fcce16d25f3e4454f375aceb00cefaaa8fda086bb815cf
SHA512: 3205f8198b375f8dc07c8c9da5dc822c7202795ba476a7aba8b69b5ecf324455d90f48c3fcfe669170acaa204176989aab09adb08f95dd84300e8d5b93a66115
SSDEEP: 12288:A8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORixC:5UKoN0bUxgGa/pfBHDb+y1HgZw
Malware Config
Signatures
Suspicious use of SetThreadContext (1 IoC)
Processes:
  description: PID 2856 set thread context of 2252
  pid / process: 2856 170ff441c07ed2da039aaee890a71020_JaffaCakes118.exe
  target process: iexplore.exe
Suspicious use of AdjustPrivilegeToken (46 IoCs)
Processes:
  170ff441c07ed2da039aaee890a71020_JaffaCakes118.exe (PID 2856), tokens adjusted: SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, 33, 34, 35
  iexplore.exe (PID 2252), tokens adjusted: SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, 33, 34, 35
Suspicious use of SetWindowsHookEx (1 IoC)
Processes:
  pid / process: 2252 iexplore.exe
Suspicious use of WriteProcessMemory (6 IoCs)
Processes:
  description: PID 2856 wrote to memory of 2252 (recorded 6 times)
  pid / process: 2856 170ff441c07ed2da039aaee890a71020_JaffaCakes118.exe
  target process: iexplore.exe
Processes
C:\Users\Admin\AppData\Local\Temp\170ff441c07ed2da039aaee890a71020_JaffaCakes118.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\170ff441c07ed2da039aaee890a71020_JaffaCakes118.exe"
  PID: 2856
  - Suspicious use of SetThreadContext
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  child: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    command line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    PID: 2252
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx