0c1470cd75cebc74c2b9df3dfb6b80ea23470032652ef3d8cde983939037db95

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 22:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4bbf46126d9abe2edd4d2ca59316f7ee_JaffaCakes118.exe
Size

356KB
MD5

4bbf46126d9abe2edd4d2ca59316f7ee
SHA1

df3a0d3f52cf95a4207216a1ca5b1f61c0ee3c86
SHA256

0c1470cd75cebc74c2b9df3dfb6b80ea23470032652ef3d8cde983939037db95
SHA512

861ae75ab23b570e12edbfb5f2494b35ee78d14ec6110f067e4ec43681aba664eab2eeedbecbe3454db1bcac46b8f6a324a850acb406c0fe053fd115bd8da3eb
SSDEEP

6144:utx9duyNdNILgM2u+nmzK6QgSuHL5vj6pNqAxrcxnE1CQcYI8+yXObxKqG9FP:ut5j/IEGpzK6FSkFvbAeF0CxYgdbiP

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rsaauto.bak	4bbf46126d9abe2edd4d2ca59316f7ee_JaffaCakes118.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\systom32\	4bbf46126d9abe2edd4d2ca59316f7ee_JaffaCakes118.exe
File created	C:\Windows\systom32\svchost.exe	4bbf46126d9abe2edd4d2ca59316f7ee_JaffaCakes118.exe
File opened for modification	C:\Windows\systom32\svchost.exe	4bbf46126d9abe2edd4d2ca59316f7ee_JaffaCakes118.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
652	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeRestorePrivilege	1188	4bbf46126d9abe2edd4d2ca59316f7ee_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 3056	1188	4bbf46126d9abe2edd4d2ca59316f7ee_JaffaCakes118.exe	84
PID 1188 wrote to memory of 3056	1188	4bbf46126d9abe2edd4d2ca59316f7ee_JaffaCakes118.exe	84
PID 1188 wrote to memory of 3056	1188	4bbf46126d9abe2edd4d2ca59316f7ee_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\4bbf46126d9abe2edd4d2ca59316f7ee_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4bbf46126d9abe2edd4d2ca59316f7ee_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c afc9fe2f418b00a0.bat
  2⤵
  PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\afc9fe2f418b00a0.bat

Filesize
2KB

MD5
2b66ccaf5e536eec8abb89f5930d1941

SHA1
57c22e6eb537471f1a0c6133c94aeca39f04772b

SHA256
e6c3e0c193c8b017ec0855428a31073cafdfa9fe1bcf11fd3b5b5506a837351f

SHA512
22de4ffc1994ebede9a407f3f8c2e21519dd506869ae89f36bcddeedcf5c9c9889f91b6245b3380c50c5cadeb79fa212f95b9d98ce2c3a23d703cb232908b76c

Download Submit
memory/1188-0-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/1188-1-0x0000000000A80000-0x0000000000ADA000-memory.dmp

Filesize
360KB

Download
memory/1188-2-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/1188-12-0x00000000022A0000-0x00000000022A1000-memory.dmp

Filesize
4KB

Download
memory/1188-11-0x00000000032A0000-0x00000000032B3000-memory.dmp

Filesize
76KB

Download
memory/1188-10-0x00000000032A0000-0x00000000032B3000-memory.dmp

Filesize
76KB

Download
memory/1188-9-0x00000000032A0000-0x00000000032B3000-memory.dmp

Filesize
76KB

Download
memory/1188-8-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/1188-7-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/1188-6-0x00000000022D0000-0x00000000022D1000-memory.dmp

Filesize
4KB

Download
memory/1188-5-0x0000000002290000-0x0000000002291000-memory.dmp

Filesize
4KB

Download
memory/1188-4-0x0000000000A50000-0x0000000000A51000-memory.dmp

Filesize
4KB

Download
memory/1188-3-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1188-13-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1188-16-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/1188-27-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/1188-68-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-67-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-66-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-65-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-64-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-63-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-62-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-60-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-59-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-58-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-57-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-56-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-54-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-55-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-53-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-52-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-51-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-50-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-49-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-48-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-47-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-46-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-45-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-44-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-40-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-41-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-43-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-42-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-39-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-38-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-37-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-36-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-35-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-34-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-33-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-32-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/1188-31-0x00000000032B0000-0x00000000032B1000-memory.dmp

Filesize
4KB

Download
memory/1188-30-0x00000000032B0000-0x00000000032B1000-memory.dmp

Filesize
4KB

Download
memory/1188-29-0x00000000032B0000-0x00000000032B1000-memory.dmp

Filesize
4KB

Download
memory/1188-28-0x00000000032B0000-0x00000000032B1000-memory.dmp

Filesize
4KB

Download
memory/1188-26-0x00000000032B0000-0x00000000032B1000-memory.dmp

Filesize
4KB

Download
memory/1188-25-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/1188-24-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/1188-15-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/1188-14-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/1188-74-0x0000000000A80000-0x0000000000ADA000-memory.dmp

Filesize
360KB

Download
memory/1188-23-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/1188-22-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/1188-21-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/1188-18-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/1188-17-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/1188-75-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download