41091823e82a9380fd9417fa0ad7f6566f94af1c03dd1c51198d00d0cb5931bb

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20-07-2024 09:02

Target

5fd994553eb1de5f5e2b6a246ed4f7c6_JaffaCakes118.exe
Size

904KB
MD5

5fd994553eb1de5f5e2b6a246ed4f7c6
SHA1

f5d14b393d6108a591cbc319f3cc611ad1c782a2
SHA256

41091823e82a9380fd9417fa0ad7f6566f94af1c03dd1c51198d00d0cb5931bb
SHA512

624cfd936522732422675dfb347160cfb5e812fd98a94994587a94a298709b8f15febae61e45064c507d05d44e012698b772eda0e08143a1942c2c07c65e362c
SSDEEP

12288:E10sd6gWUgja/Jne+Tlbrqj/U9fY8BBaCjFFWtTIqUjUhMj7F3qWMU:U0sYgWUEa/Je+Zr4KBsBtTFnaj7QWMU

Score

7^/10

Use of msiexec (install) with remote resource 1 IoCs

pid	Process
2028	MSIEXEC.EXE

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2028	MSIEXEC.EXE
Token: SeIncreaseQuotaPrivilege	2028	MSIEXEC.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2028	MSIEXEC.EXE
2028	MSIEXEC.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3968 wrote to memory of 2028	3968	5fd994553eb1de5f5e2b6a246ed4f7c6_JaffaCakes118.exe	91
PID 3968 wrote to memory of 2028	3968	5fd994553eb1de5f5e2b6a246ed4f7c6_JaffaCakes118.exe	91
PID 3968 wrote to memory of 2028	3968	5fd994553eb1de5f5e2b6a246ed4f7c6_JaffaCakes118.exe	91

C:\Users\Admin\AppData\Local\Temp\5fd994553eb1de5f5e2b6a246ed4f7c6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5fd994553eb1de5f5e2b6a246ed4f7c6_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3968
- C:\Windows\SysWOW64\MSIEXEC.EXE
  MSIEXEC.EXE /i "http://setup.realtimegaming.com/36175/cdn/slotsjungle/Slots Jungle Casino20110225123244.msi" DDC_DID=472980 DDC_RTGURL=http://69.59.134.122/dl/TrackSetup/TrackSetup.aspx?DID=472980%26filename=SlotsJungle%2Eexe SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp" SETUPEXENAME="5fd994553eb1de5f5e2b6a246ed4f7c6_JaffaCakes118.exe"
  2⤵
  - Use of msiexec (install) with remote resource
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2028

C:\Users\Admin\AppData\Local\Temp\{065374D5-B12D-42CB-A48E-5DE2873C2B88}\0x0409.ini

Filesize
20KB

MD5
36affbd6ff77d1515cfc1c5e998fbaf9

SHA1
950d00ecc2e7fd2c48897814029e8eedf6397838

SHA256
fccc7f79d29318d8ae78850c262bac762c28858709a6e6cf3b62bcd2729a61e3

SHA512
2f29de86d486db783872581a43a834e5064d1488bc3f085ddc5a3287eb9ee8a4ce93d66f7b4965cafb3c4f06b38d4b0fcfdc0fcb1f99d61331a808e5d6011808

Download Submit
C:\Users\Admin\AppData\Local\Temp\{065374D5-B12D-42CB-A48E-5DE2873C2B88}\_ISMSIDEL.INI

Filesize
20B

MD5
db9af7503f195df96593ac42d5519075

SHA1
1b487531bad10f77750b8a50aca48593379e5f56

SHA256
0a33c5dffabcf31a1f6802026e9e2eef4b285e57fd79d52fdcd98d6502d14b13

SHA512
6839264e14576fe190260a4b82afc11c88e50593a20113483851bf4abfdb7cca9986bef83f4c6b8f98ef4d426f07024cf869e8ab393df6d2b743b9b8e2544e1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\~D11D.tmp

Filesize
5KB

MD5
128c000b99ccffc9225e05c23262198f

SHA1
23049f2931cbefcffad359881414e3689c9b2d7b

SHA256
1dffcde352e74d4fc24826a53c9dcd2756923c8680a1732c6181bfb367e82d8f

SHA512
8bc20aca2afb38a1b42a687e04097553c26eb43c151452e18d939768c7d8bb03e7dd03cfc225524420334eca34eff26c475c58571281adaf061e3f7a52c1b0cb

Download Submit