ccfb6343d09540a8ea173d7782138cb991bb7369080facd6602045ec36059131

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 10:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19ca649304f1c6f8f0a810684e40cb45_JaffaCakes118.exe
Size

143KB
MD5

19ca649304f1c6f8f0a810684e40cb45
SHA1

273383072b3fc5dadf87bb670a0e9a1631ee64ae
SHA256

ccfb6343d09540a8ea173d7782138cb991bb7369080facd6602045ec36059131
SHA512

cd1de1cfb2d1cb75457aa54f52b6d19df15941c2261e18636b9b89dc6de2e36ae5a8da8cf89b4c168791fe3d9962e8eae1b0372e0ca83c0ea1ef49f778b5d488
SSDEEP

3072:15y4p9S5IVAkAPAsAqYAmEsVEHlWTIGyO2Cz:T2Omx4pmYTI62

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
372	19ca649304f1c6f8f0a810684e40cb45_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	372	19ca649304f1c6f8f0a810684e40cb45_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 372 wrote to memory of 2436	372	19ca649304f1c6f8f0a810684e40cb45_JaffaCakes118.exe	85
PID 372 wrote to memory of 2436	372	19ca649304f1c6f8f0a810684e40cb45_JaffaCakes118.exe	85
PID 2436 wrote to memory of 4352	2436	csc.exe	88
PID 2436 wrote to memory of 4352	2436	csc.exe	88

C:\Users\Admin\AppData\Local\Temp\19ca649304f1c6f8f0a810684e40cb45_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19ca649304f1c6f8f0a810684e40cb45_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:372
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\pnq24hk3\pnq24hk3.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2436
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES57F3.tmp" "c:\Users\Admin\AppData\Local\Temp\pnq24hk3\CSC35E0F3A7FA94FF287E19292FBB5429.TMP"
    3⤵
    PID:4352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES57F3.tmp

Filesize
1KB

MD5
7d5752da92911f484ae8588abb2edfcd

SHA1
b8da07738c64fbfbdf0e207856c677a6e2d3245e

SHA256
803852d675259d3f9ae0c6e3555751bd89476670b0d2db85ae3a4479e609a68d

SHA512
448279345863895903cb6861e52f74bb748f0364b22c04ec830dc53da5caebed34246d12af62e684e0146c127a5dcd53188d72e8cdf4bc7fb745c6c33b74facf

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0t0u4rgq.jxt.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\pnq24hk3\pnq24hk3.dll

Filesize
3KB

MD5
5068fa109eba58842312c87ff4b57f2f

SHA1
82805468d5a529894e2f42a698e8d0b1722fe0a6

SHA256
30a7ed4754f44d7042c4facfb94943ac8965594af3e9d1b67df6fad826890c8f

SHA512
2920376df3da62a2b97d07308216b4d1a6ac27b62e3be050c0f0b1e0ce7a3df39272d034576a80ae57744563e6dfd1f44e3277ab195a749340c3b07594a1a126

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\pnq24hk3\CSC35E0F3A7FA94FF287E19292FBB5429.TMP

Filesize
652B

MD5
48adf559a4e544330373263fcdecaf78

SHA1
adbfbdd6fba84bfecd25ca3267ed4f13036fbe9a

SHA256
d8ef980fb3fbd7877de61013367837b309368b41a08b5960f714d72413846099

SHA512
32e85db2864f9e73a2fe40247624964c76d31f5698139a5cbb40d73ba3054334087883fd52b3246a67dbec2a15c777fc19f6a705127cba6fda7b68ab864110f5

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\pnq24hk3\pnq24hk3.0.cs

Filesize
227B

MD5
8201e18ce0e13d53a82c8dd41d5016aa

SHA1
6806ce39c9d3e73571a16ba951f954cc0ee53bb4

SHA256
c271bf46dd724dbc5ea5b7e5864b643ea70b9189b392039ece39dd2704034df3

SHA512
c9e87575db8e9e5650fd4808687bdfd8e462a02ae48d43209f0b3ffe91da79fe0761324628a463ccd67334cc376bb2d661dde2a37a2df1827f93506410680f80

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\pnq24hk3\pnq24hk3.cmdline

Filesize
369B

MD5
c473f3666853987b586136fcf023fb09

SHA1
2f36b353da913c0609a3cbbf085380dd18486825

SHA256
214bb020789406d274c0563564ca60e469909eb6021c622af4ac4672d546a4e9

SHA512
53bd71acc572028c94362f0fed23508af439dca761105cf50a7cf7536bb5a9a2f48869809242db8b2bfbb13111317c0440501534dea927d955754cf9f6759c25

Download Submit
memory/372-11-0x000000001C5B0000-0x000000001C5D2000-memory.dmp

Filesize
136KB

Download
memory/372-14-0x000000001D680000-0x000000001D69E000-memory.dmp

Filesize
120KB

Download
memory/372-13-0x000000001DF60000-0x000000001DFD6000-memory.dmp

Filesize
472KB

Download
memory/372-12-0x00007FFFBAF70000-0x00007FFFBBA31000-memory.dmp

Filesize
10.8MB

Download
memory/372-0-0x00007FFFBAF73000-0x00007FFFBAF75000-memory.dmp

Filesize
8KB

Download
memory/372-27-0x000000001C5A0000-0x000000001C5A8000-memory.dmp

Filesize
32KB

Download
memory/372-1-0x0000000000340000-0x000000000036A000-memory.dmp

Filesize
168KB

Download
memory/372-30-0x00007FFFBAF70000-0x00007FFFBBA31000-memory.dmp

Filesize
10.8MB

Download