61a51c000d46333e51b07da6c2b98a3689a0e425446e7acf7aef5eaf6bd6c0de

Analysis

max time kernel
94s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 08:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe
Size

314KB
MD5

1aaaf7de2ea20b18d35dcec871b0b356
SHA1

ae630f1d5f737ff43ac930be98bd088030c3b5bf
SHA256

61a51c000d46333e51b07da6c2b98a3689a0e425446e7acf7aef5eaf6bd6c0de
SHA512

755238ac8bf990a0989ab86a816b43a143ea3f07157216fe40952680b2dc667fd56bf9829110329bfd159a1462bfff3f6f22099e59ba0d767edc9dc3f1ab6668
SSDEEP

6144:HkO7RN+uJ4N431ggy41BFzsB1XeBaXm8K0ZIYJ4K7ze6F2y1GWG:HL7WuJ/3bJQ1Ka8ozeE2G

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 2816 set thread context of 4932	2816	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	82
PID 4932 set thread context of 1032	4932	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	84
PID 1032 set thread context of 564	1032	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	86

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	2816	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe
Token: SeDebugPrivilege	4932	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe
Token: SeDebugPrivilege	1032	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe
Token: SeDebugPrivilege	564	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 43 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 4884	2816	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	81
PID 2816 wrote to memory of 4884	2816	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	81
PID 2816 wrote to memory of 4932	2816	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	82
PID 2816 wrote to memory of 4932	2816	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	82
PID 2816 wrote to memory of 4932	2816	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	82
PID 2816 wrote to memory of 4932	2816	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	82
PID 2816 wrote to memory of 4932	2816	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	82
PID 2816 wrote to memory of 4932	2816	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	82
PID 2816 wrote to memory of 4932	2816	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	82
PID 2816 wrote to memory of 4932	2816	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	82
PID 2816 wrote to memory of 4932	2816	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	82
PID 2816 wrote to memory of 4932	2816	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	82
PID 2816 wrote to memory of 4932	2816	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	82
PID 4932 wrote to memory of 2064	4932	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	83
PID 4932 wrote to memory of 2064	4932	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	83
PID 4932 wrote to memory of 1032	4932	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	84
PID 4932 wrote to memory of 1032	4932	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	84
PID 4932 wrote to memory of 1032	4932	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	84
PID 4932 wrote to memory of 1032	4932	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	84
PID 4932 wrote to memory of 1032	4932	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	84
PID 4932 wrote to memory of 1032	4932	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	84
PID 4932 wrote to memory of 1032	4932	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	84
PID 4932 wrote to memory of 1032	4932	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	84
PID 4932 wrote to memory of 1032	4932	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	84
PID 4932 wrote to memory of 1032	4932	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	84
PID 4932 wrote to memory of 1032	4932	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	84
PID 1032 wrote to memory of 2372	1032	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	85
PID 1032 wrote to memory of 2372	1032	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	85
PID 1032 wrote to memory of 564	1032	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	86
PID 1032 wrote to memory of 564	1032	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	86
PID 1032 wrote to memory of 564	1032	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	86
PID 1032 wrote to memory of 564	1032	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	86
PID 1032 wrote to memory of 564	1032	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	86
PID 1032 wrote to memory of 564	1032	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	86
PID 1032 wrote to memory of 564	1032	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	86
PID 1032 wrote to memory of 564	1032	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	86
PID 1032 wrote to memory of 564	1032	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	86
PID 1032 wrote to memory of 564	1032	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	86
PID 1032 wrote to memory of 564	1032	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	86
PID 564 wrote to memory of 1652	564	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	87
PID 564 wrote to memory of 1652	564	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	87
PID 564 wrote to memory of 3952	564	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	88
PID 564 wrote to memory of 3952	564	1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe	88

C:\Users\Admin\AppData\Local\Temp\1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Users\Admin\AppData\Local\Temp\1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe
  2⤵
  PID:4884
- C:\Users\Admin\AppData\Local\Temp\1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4932
- - C:\Users\Admin\AppData\Local\Temp\1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe
    C:\Users\Admin\AppData\Local\Temp\1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe
    3⤵
    PID:2064
- - C:\Users\Admin\AppData\Local\Temp\1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe
    C:\Users\Admin\AppData\Local\Temp\1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe
    3⤵
    - Suspicious use of SetThreadContext
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1032
  - - C:\Users\Admin\AppData\Local\Temp\1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe
      4⤵
      PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:564
    - - C:\Users\Admin\AppData\Local\Temp\1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe
        5⤵
        
        PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe
        
        C:\Users\Admin\AppData\Local\Temp\1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe
        5⤵
        
        PID:3952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\1aaaf7de2ea20b18d35dcec871b0b356_JaffaCakes118.exe.log

Filesize
224B

MD5
1e4f2a29e11dead55e61329942cd2b14

SHA1
4b3ec9b98797d2f734d67b47cc149546f21cf0af

SHA256
28bbb0da12bd69adc9df324c01392655b788115aba7466f02c23e1ba09f789d4

SHA512
2e28227d898486bfe1cea081df486464b214df50500786e30d6ee9e7d6391f3aacd2f1ed1d0eab60d518bbc79f20f32c226f00ffd70abfe9af45a746cb08416c

Download Submit
memory/1032-10-0x00007FFB9FAA0000-0x00007FFBA0441000-memory.dmp

Filesize
9.6MB

Download
memory/1032-11-0x00007FFB9FAA0000-0x00007FFBA0441000-memory.dmp

Filesize
9.6MB

Download
memory/1032-12-0x00007FFB9FAA0000-0x00007FFBA0441000-memory.dmp

Filesize
9.6MB

Download
memory/2816-0-0x00007FFB9FD55000-0x00007FFB9FD56000-memory.dmp

Filesize
4KB

Download
memory/2816-1-0x000000001B980000-0x000000001BA26000-memory.dmp

Filesize
664KB

Download
memory/2816-2-0x00007FFB9FAA0000-0x00007FFBA0441000-memory.dmp

Filesize
9.6MB

Download
memory/2816-4-0x00007FFB9FAA0000-0x00007FFBA0441000-memory.dmp

Filesize
9.6MB

Download
memory/2816-6-0x00007FFB9FAA0000-0x00007FFBA0441000-memory.dmp

Filesize
9.6MB

Download
memory/4932-8-0x00007FFB9FAA0000-0x00007FFBA0441000-memory.dmp

Filesize
9.6MB

Download
memory/4932-5-0x00007FFB9FAA0000-0x00007FFBA0441000-memory.dmp

Filesize
9.6MB

Download
memory/4932-9-0x00007FFB9FAA0000-0x00007FFBA0441000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads