7e48f76fd73effc3040ed8628046e79ee238e2bc36b0a05bacdb1f0cc7287023

Analysis

max time kernel
92s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 07:52

Target

27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
Size

14KB
MD5

27cc70fd76aec1b41507c7b2f175fc1a
SHA1

88f9811ae317f6102947dd048b03eadf0f0f20f7
SHA256

7e48f76fd73effc3040ed8628046e79ee238e2bc36b0a05bacdb1f0cc7287023
SHA512

97df8e005101dbff4286327dadf541e417d9f78e5e7c89d69bda1be431735b7bdb20ca7b42efe74df10c02c03886aa225cc2c5484fb302dc3feaa76f0d51bcde
SSDEEP

384:0HJRQ7FYorgFPVu59v8O9C0OWsRUcKdTAsr:4RQjGPVo890OHFKdZr

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\hgfhk.cfg	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\hgfhk.dll	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\hgfhk.dll	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\msepbe.dll	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\msepbe.dll	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe
3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3748 wrote to memory of 3472	3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe	56
PID 3748 wrote to memory of 616	3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe	85
PID 3748 wrote to memory of 616	3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe	85
PID 3748 wrote to memory of 616	3748	27cc70fd76aec1b41507c7b2f175fc1a_JaffaCakes118.exe	85

C:\Windows\SysWOW64\hgfhk.dll

Filesize
10KB

MD5
98a003317568207ff6b7b29d966a45b2

SHA1
31f458c377ddc03b33985abe27e14568a25ef991

SHA256
cc8dd14d8039eeafce40b27bfc3e2e23c32878a6e79a0992ff8d932fa13fa64d

SHA512
e0682b195b1bc1b1fe37d441b1522e43cfe267d397897d2f1e6ab0a32172897c95a7017b73fce7d4964d967a00c4d44aad088765884b0f04ececd8e236ea986d

Download Submit
memory/3748-6-0x000000000F000000-0x000000000F015000-memory.dmp

Filesize
84KB

Download
memory/3748-9-0x000000000F000000-0x000000000F015000-memory.dmp

Filesize
84KB

Download