711899e69794dd08c0fc0b1d430e04c4ffdeab3ddbd22fe0eb0b1c339fa24c72

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 00:41

Target

240cbf780a4c124d5fe65c907f05912a_JaffaCakes118.exe
Size

18KB
MD5

240cbf780a4c124d5fe65c907f05912a
SHA1

2da38acaef36127a567a8d9baf99e34a1ca28dbc
SHA256

711899e69794dd08c0fc0b1d430e04c4ffdeab3ddbd22fe0eb0b1c339fa24c72
SHA512

bbe5acb9e7853885975f5d5a843fe80c507040d01a93b577f26f7a4fc925d4f4a32da671db918468272141e87130881b34064221674cd626177a872392f26b9b
SSDEEP

384:enZ0cG+gyV8ctVse9Z/W0S6v7/Yo6QFL6F77DGlE8saa+y:enCkgyVye9Z/Wd6v8odLJa+y

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ddraw.dll.dat	240cbf780a4c124d5fe65c907f05912a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\ddraw.dll.dat	240cbf780a4c124d5fe65c907f05912a_JaffaCakes118.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system\mfc7A3F.ime	240cbf780a4c124d5fe65c907f05912a_JaffaCakes118.exe
File opened for modification	C:\Windows\system\mfc7A3F.ime	240cbf780a4c124d5fe65c907f05912a_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2616	2064	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 3 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2064	240cbf780a4c124d5fe65c907f05912a_JaffaCakes118.exe
Token: SeDebugPrivilege	2064	240cbf780a4c124d5fe65c907f05912a_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2616	2064	240cbf780a4c124d5fe65c907f05912a_JaffaCakes118.exe	28
PID 2064 wrote to memory of 2616	2064	240cbf780a4c124d5fe65c907f05912a_JaffaCakes118.exe	28
PID 2064 wrote to memory of 2616	2064	240cbf780a4c124d5fe65c907f05912a_JaffaCakes118.exe	28
PID 2064 wrote to memory of 2616	2064	240cbf780a4c124d5fe65c907f05912a_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\240cbf780a4c124d5fe65c907f05912a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\240cbf780a4c124d5fe65c907f05912a_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 208
  2⤵
  - Program crash
  PID:2616

C:\Windows\system\mfc7A3F.ime

Filesize
22KB

MD5
f5b5fd8631d1e64e2e6c15cb1280d86f

SHA1
0fd0418852104e94a7ec3b3a81e95fff6409acde

SHA256
7956ff37840dbb74d1f15ebc9bb439bf9887224ba1e9a9df9bf440522f1280c9

SHA512
c035b6e88b14e1c315cc2df3bb320800ae8d342a4ab8daaad64803d4fae60e172523f3390dd956ae3b65af32ba0d8a71e877b9c61582e21c8cd71701aa430084

Download Submit