b93fe2d061d574e64e459814ad0b689a9ca2549325dc2c4e125823dd2922fda5

Analysis

max time kernel
140s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 12:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45c2f39aa4bb5b88dfa997e55a6f4dd7_JaffaCakes118.exe
Size

290KB
MD5

45c2f39aa4bb5b88dfa997e55a6f4dd7
SHA1

713d71ca9a99b9e14fdc31527dd03151deb0a3ab
SHA256

b93fe2d061d574e64e459814ad0b689a9ca2549325dc2c4e125823dd2922fda5
SHA512

1523bd72b71a536a5d9d31fd7f3dbc4fd9ebbc2724b0278b6ec11034fbffc664e1cc7cfa6dc0cb40678cad42203579622fea3a89bf2c7e99c53184ce4d68c79f
SSDEEP

6144:MVDIykF3mQt0fZv9YC5fn+aCyIK3ccnMxj6YClOa:MhedmUWY2W1K3DnsZCc

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
3356	45c2f39aa4bb5b88dfa997e55a6f4dd7_JaffaCakes118.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	45c2f39aa4bb5b88dfa997e55a6f4dd7_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	45c2f39aa4bb5b88dfa997e55a6f4dd7_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	45c2f39aa4bb5b88dfa997e55a6f4dd7_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3356	45c2f39aa4bb5b88dfa997e55a6f4dd7_JaffaCakes118.exe
3356	45c2f39aa4bb5b88dfa997e55a6f4dd7_JaffaCakes118.exe
3356	45c2f39aa4bb5b88dfa997e55a6f4dd7_JaffaCakes118.exe
3356	45c2f39aa4bb5b88dfa997e55a6f4dd7_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3820	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3820	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\45c2f39aa4bb5b88dfa997e55a6f4dd7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\45c2f39aa4bb5b88dfa997e55a6f4dd7_JaffaCakes118.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3356

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x41c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3356-0-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/3356-1-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/3356-2-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/3356-4-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/3356-3-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/3356-6-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/3356-5-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/3356-7-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/3356-8-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/3356-9-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/3356-10-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/3356-11-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/3356-12-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/3356-13-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/3356-14-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/3356-15-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/3356-16-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/3356-17-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/3356-18-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/3356-19-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/3356-20-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/3356-21-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/3356-22-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/3356-23-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download