Analysis
max time kernel: 149s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-06-2024 18:31
Behavioral task: behavioral1
Sample: 170ff441c07ed2da039aaee890a71020_JaffaCakes118.exe
Resource: win7-20240220-en
5 signatures
150 seconds
General
Target: 170ff441c07ed2da039aaee890a71020_JaffaCakes118.exe
Size: 646KB
MD5: 170ff441c07ed2da039aaee890a71020
SHA1: 1a2faec4551e7ad3bcaa619932d149a1fc1b2e2b
SHA256: 918b3f5a2c52068990fcce16d25f3e4454f375aceb00cefaaa8fda086bb815cf
SHA512: 3205f8198b375f8dc07c8c9da5dc822c7202795ba476a7aba8b69b5ecf324455d90f48c3fcfe669170acaa204176989aab09adb08f95dd84300e8d5b93a66115
SSDEEP: 12288:A8UaT9XY2siA0bMG09xD7I3Gg8ecgVvfBoCDBOQQYbVXpuy1f/gORixC:5UKoN0bUxgGa/pfBHDb+y1HgZw
Malware Config
Signatures
Suspicious use of SetThreadContext (1 IoC)
Processes: 170ff441c07ed2da039aaee890a71020_JaffaCakes118.exe
description                 pid  process                                             target process
set thread context of 2396  968  170ff441c07ed2da039aaee890a71020_JaffaCakes118.exe  iexplore.exe
Suspicious use of AdjustPrivilegeToken (48 IoCs)
Processes: 170ff441c07ed2da039aaee890a71020_JaffaCakes118.exe, iexplore.exe
Token privileges adjusted by PID 968 (170ff441c07ed2da039aaee890a71020_JaffaCakes118.exe), 24 entries:
SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, 33, 34, 35, 36
Token privileges adjusted by PID 2396 (iexplore.exe), the same 24 entries:
SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, 33, 34, 35, 36
Suspicious use of SetWindowsHookEx (1 IoC)
Processes: iexplore.exe
pid   process
2396  iexplore.exe
Suspicious use of WriteProcessMemory (5 IoCs)
Processes: 170ff441c07ed2da039aaee890a71020_JaffaCakes118.exe
description               pid  process                                             target process
wrote to memory of 2396   968  170ff441c07ed2da039aaee890a71020_JaffaCakes118.exe  iexplore.exe
wrote to memory of 2396   968  170ff441c07ed2da039aaee890a71020_JaffaCakes118.exe  iexplore.exe
wrote to memory of 2396   968  170ff441c07ed2da039aaee890a71020_JaffaCakes118.exe  iexplore.exe
wrote to memory of 2396   968  170ff441c07ed2da039aaee890a71020_JaffaCakes118.exe  iexplore.exe
wrote to memory of 2396   968  170ff441c07ed2da039aaee890a71020_JaffaCakes118.exe  iexplore.exe
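The signature tables above are individually low-signal (any installer adjusts token privileges), but taken together they describe one parent (PID 968) repeatedly writing into a freshly spawned iexplore.exe (PID 2396) and then re-pointing one of its threads with SetThreadContext, which is the API pattern of hollowing-style process injection. The report does not show NtUnmapViewOfSection or ResumeThread, so the pattern is consistent with hollowing rather than proof of it. The script below is an added example, not part of the sandbox report: it turns the report's rows into constructed event records and correlates them into a per-(source, target) finding, flagging only pairs where the same source both wrote memory and set a thread context on the same target. The `Event` type, `INJECTION_APIS` and the function names are assumptions of this example.

```python
"""Correlate sandbox behaviour events into a process-injection finding.

Added example; the event records are constructed from the report's
signature tables and the helper names are this example's own.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple

# Pair of APIs that, when both point from one process at another, indicate
# code was written into the target and a thread was redirected to run it.
INJECTION_APIS = frozenset({"WriteProcessMemory", "SetThreadContext"})

PARENT = "170ff441c07ed2da039aaee890a71020_JaffaCakes118.exe"
CHILD = "iexplore.exe"


@dataclass(frozen=True)
class Event:
    api: str                  # API name the sandbox signature was raised for
    src_pid: int              # process making the call
    src_image: str
    dst_pid: Optional[int] = None   # target process, if the call has one
    dst_image: Optional[str] = None


# Constructed from the report: 5 WriteProcessMemory rows and 1
# SetThreadContext row from PID 968 into PID 2396, plus the
# SetWindowsHookEx raised by 2396 itself (no target, so it is ignored).
EVENTS = (
    [Event("WriteProcessMemory", 968, PARENT, 2396, CHILD) for _ in range(5)]
    + [Event("SetThreadContext", 968, PARENT, 2396, CHILD)]
    + [Event("SetWindowsHookEx", 2396, CHILD)]
)

Finding = Dict[Tuple[int, int], Dict[str, int]]


def find_injection_pairs(events: Iterable[Event]) -> Finding:
    """Return {(src_pid, dst_pid): {api: count}} for every pair where the
    source process used *both* injection APIs against the target.

    A pair with only WriteProcessMemory (or only SetThreadContext) is not
    reported: debuggers and some installers do one without the other.
    """
    seen = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e.dst_pid is None or e.api not in INJECTION_APIS:
            continue
        if e.src_pid == e.dst_pid:        # self-writes are not injection
            continue
        seen[(e.src_pid, e.dst_pid)][e.api] += 1
    return {
        pair: dict(apis)
        for pair, apis in seen.items()
        if INJECTION_APIS <= set(apis)
    }


def describe(events: Iterable[Event], finding: Finding) -> str:
    """Render a finding as one line per (source, target) pair, naming the
    images so an analyst can read it without the PID table."""
    images = {}
    for e in events:
        images[e.src_pid] = e.src_image
        if e.dst_pid is not None:
            images[e.dst_pid] = e.dst_image
    lines = []
    for (src, dst), apis in sorted(finding.items()):
        calls = ", ".join(f"{api} x{n}" for api, n in sorted(apis.items()))
        lines.append(
            f"PID {src} ({images[src]}) -> PID {dst} ({images[dst]}): {calls}"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    result = find_injection_pairs(EVENTS)
    print(describe(EVENTS, result))
```

Run against the report's rows it prints a single finding for 968 -> 2396 with five writes and one thread-context change; dropping the SetThreadContext event yields no finding at all, which is the intended behaviour for a parent that merely patches a child it is legitimately debugging. In a real pipeline the same correlation is worth running over Sysmon event ID 8 (CreateRemoteThread) and ID 10 (ProcessAccess with write/thread rights) rather than over sandbox signatures.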
Processes
1. C:\Users\Admin\AppData\Local\Temp\170ff441c07ed2da039aaee890a71020_JaffaCakes118.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\170ff441c07ed2da039aaee890a71020_JaffaCakes118.exe"
   PID: 968
   - Suspicious use of SetThreadContext
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files (x86)\Internet Explorer\iexplore.exe (spawned by PID 968)
      Command line: "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
      PID: 2396
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of SetWindowsHookEx