8c489230b9a684a16180899ae2b8e89059d276f3598df780397e6194de4e9b2d

Analysis

max time kernel
94s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 16:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

312df2c367cee944852335eab6e2a04f_JaffaCakes118.exe
Size

19KB
MD5

312df2c367cee944852335eab6e2a04f
SHA1

3fc7ba31f96a4322d707b44430c446735cb717d0
SHA256

8c489230b9a684a16180899ae2b8e89059d276f3598df780397e6194de4e9b2d
SHA512

feef22c8ed93536e4e41812af6cf8ccb020cd806652093b381c74c64c7f82553870a58710a3299f7d98134e2bc7c5bb06657158db59bb51884d64b6e4d0fec0b
SSDEEP

384:a0qYE38hIxuA+Qjsh8KRJqfyqPVpn4t3Bh:FKGIxR+lfzqdVp4t33

Score

3^/10

Malware Config

Signatures

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1164	3112	WerFault.exe	80
3520	3112	WerFault.exe	80

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3112	312df2c367cee944852335eab6e2a04f_JaffaCakes118.exe
3112	312df2c367cee944852335eab6e2a04f_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3112	312df2c367cee944852335eab6e2a04f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\312df2c367cee944852335eab6e2a04f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\312df2c367cee944852335eab6e2a04f_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3112
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 116844
  2⤵
  - Program crash
  PID:1164
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 116716
  2⤵
  - Program crash
  PID:3520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3112 -ip 3112
1⤵
PID:2088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3112 -ip 3112
1⤵
PID:3420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~!#24B.tmp

Filesize
12KB

MD5
281bdee589394fc6a8094613942a0457

SHA1
3041233e3014542501608aa079982232eb584a79

SHA256
5c6d2bd890bbfbf248bb8aa029525213d26911704822eff1625018a11355e413

SHA512
75c3148114e926984a99ef4f219d5e1b037d5f54c066ab5a5c5508eb8947d5c464eb3d1cf47331a0ddbd0b0e57e88647235da2405b0923cc6ec2dbe9f5f5845b

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#BC25.tmp

Filesize
9KB

MD5
f79d0cfac5c271b034423ea6df1c593b

SHA1
9d136c46214185916a3ecdc1133f3d9ba4b319c2

SHA256
9078ebb55b86bdde9f3cf7ad3209de2a099b2717d580a2a1a4ef6edad862b084

SHA512
329bf666b137bb278bedcca570b3c0eaacbdf752dbefdfd385d197dda1965c05b4bec4c61baf3362a7e1a0cd00be3c81d36acbf75cbd1a78c15d6bd61f1ac6d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#C8DB.tmp

Filesize
4KB

MD5
ab5ec98bbb5e6434d2ddb83f0023152d

SHA1
b3c9c40f1c2841180c5575295de7758e4ef7d137

SHA256
862ab1a1fe82f33a0813e81158a773d96ddca2e531d351768ab95d49a074637a

SHA512
f23f9450b5df48d9b9e0def5ab9be50ffcb54ff3eecfe15ddb334cdf3342ca161823e84413066f25fe5d4adf193f183cbcbe1919174b55d907beaa29edf092af

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#CFF4.tmp

Filesize
4KB

MD5
522e1c517593bbcd0fab1939d90d47db

SHA1
b249c0859251367e007b4d62407c514e86bbe55c

SHA256
8216746910c21854fede312cf3d9cc5216f072d3a98626d1b7933d1deb9ca88d

SHA512
e945c72c68885e6cf2b1ede2952052b01b333a4f8e9118832e367c7828a8c69db949f5f308280bcd02d2c07a56d88afcdb102000d4fbac08a3e62171851af99e

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#D20D.tmp

Filesize
11KB

MD5
d5a6d9cdf7aebfa91c30b0772df2cc8d

SHA1
aa073f6e23520ef7e0d42480a672c38c58e30295

SHA256
095f6a194aaeefb2c7ff0fc07dbd6a797b85ae25abc4ba84b0616bed23eb8b79

SHA512
acc20a7bcd11ba1855f7c28b0b3915bc25c63ada8e6ea1e7cad3e428d8750bd41d928003637761ab3c1bf4fa5d66cbee402449e88377a8d2b250c1d68b416409

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#D3D7.tmp

Filesize
11KB

MD5
432ec51300eb44285e1ee4927b761b87

SHA1
b49a2951e830cda328dbcd08b373edbf23cfbbde

SHA256
2e07c528d3db0d8bfb9e7d87592ac98796eb3e3951a2dd298073787e2b469436

SHA512
9ae42f3412ed1699ed350e4665ce0d199909b3a41fb3237d9fdf6244d9575c6eb5ef415d658760eb56f4b24134f84c325296f2681f7ee61367155423c00d7015

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#E0BA.tmp

Filesize
8KB

MD5
fb9c497870e847bcdced416c691e0a39

SHA1
08403fdb0073b6c39aef229d082f8bace007a928

SHA256
db92fde53e6c9ea63bf81dc77618651a59f3eb7dc3610bb2505a31f10c6b02a0

SHA512
f0eec25a244670201438c88e82f1a8efe82cee1d16fb37fd13286d587410a3b467a2c2d4e9748986987c6a02b7db5f38e8c8767ab331d9ea1f1e18b2e28fec7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#E391.tmp

Filesize
10KB

MD5
585d591653571b371cb949083ba299dd

SHA1
cd975270fe87e20042104f38d7d8a71f62e40c74

SHA256
474c578acb65197ed896c26d887ac278b298101003954505f6035343ecc4860a

SHA512
001a497e179b6ef5f2f94cfc47d7247b215d03f564c9cccea7deab672edbc05f3a45163f6bc7405891fd63b0e7b8eb2b7f1203efea2eeb83bb23790e94dd24b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#E3EF.tmp

Filesize
10KB

MD5
51c86a5c504c3c14795b90cdf24e5feb

SHA1
5aefee8f23753b9841b094c72907226ee899665b

SHA256
a0f078d0485f6b83a81257040259572e71d7e57d9ccd0f03e675221f83a89fde

SHA512
359b16336917c52ea71a28b971ceea3dfc7a327ca79dedc3eea46492a40892e2d166ecca9d15761c29691b17a21d8dc91279098a9ab7e5c0faf7781046c421a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#E7D3.tmp

Filesize
11KB

MD5
985695d43150efe560c984ab98b35b93

SHA1
030efdf7d332da150e9d0adb47aac3e37e7737e6

SHA256
0dfe62d8bfcc85f2e6ecf660df965abbd8827779bd3ba8b77a525c94c89fd136

SHA512
054f3a4aa135b55b68da366768832b654c326710ffdb69e9815a7c247e384018577ac62f41abbc31cd8c058f27226f4c2a0a30b04417bd79aa99a19ec3d1ce64

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#EC64.tmp

Filesize
9KB

MD5
89bae1144a136947e4707b8ff1490b4d

SHA1
c8e438d2196f8f094d083d575f51bddb4dd96c3b

SHA256
12ffc4f6283ac6b4060af717da09c78e97a0379d7bfe5380207a9f82d973bce4

SHA512
511038e83637dc329f635fc404552c9cef6ab9ac576b07195a3f5060348061a523f02cf6b458d0bc6cae46f448fc11690b4761899c21309813d53a4acc5914c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#F047.tmp

Filesize
9KB

MD5
f7b3ce7fc9d46135ce51464b6073e7f8

SHA1
19c1801898ca8662bc32020e3ae8d4a98acd04c1

SHA256
3bada61ecefd084db9933d560dd8446ecef93150181e7b9eabea366f52e31aaa

SHA512
81247e701b8292915575d568316d28081c80a85a89c957df42f7823de8d4071c177bd776f0be2ee045b5f251c230e49ab10de0881d5e63179726410ead2e5c2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#F614.tmp

Filesize
11KB

MD5
14d84ddc69e9f3f6f3fde56315048ce2

SHA1
1819e2ed04bc5e5f23cc99042de077575ea227ec

SHA256
eb18d12a456984336c5a5d8fd17cfffefb022a7ab4b39908b4e7c786fa61458a

SHA512
b17b685dbdd8a3f291af8a0604da3f4ae18ff94d1f9049b2dbefe351d8c1219cf95b6302650a934cb7a881c8035e03c4579b754ec1c8190ad9d0b3deb4dc92bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#F83C.tmp

Filesize
14KB

MD5
8b44b03ca0211146b700682b06562574

SHA1
48e8bd447e437f8404c3e5bd0d3476403eff9fc7

SHA256
f75d0f54c2f3831214ce9ca7c4bd27dc11ab5a82f7ff146dd323c57216d16c59

SHA512
54591b97a9db9e8b89526eb8389e3bd8e583b9611438252551e30227dd0c868382673cf5e3f22662543c80e976011a1840a0e9c8c3e439cac196f12fb3a45ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#FC2F.tmp

Filesize
9KB

MD5
6a5dcb125e0e899dce8655ac7da84c8d

SHA1
ad2146b64ebdb4e081ccead4efb9801a2a745c05

SHA256
a05c9798064d96af0e2b025bdf761b6e6ca8bb9f924367058389b7d076b52347

SHA512
48e70e0f39fc9a10bf1299efcea8665ab7525d55c8294f542dd35d8f3d9a6f4785efe12dacf717599a43ba4e9128a567a876d7a6f5d364828a43c2d4477efccc

Download Submit
memory/3112-0-0x00000000004A0000-0x00000000004A2000-memory.dmp

Filesize
8KB

Download
memory/3112-207-0x00000000004A0000-0x00000000004A2000-memory.dmp

Filesize
8KB

Download