f2417653083b3009a0054a808951c5f50c6aacded3bb2c516fd70d96d8fab860

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
20-08-2024 11:46

Target

af175acd9e1da5c5621b5aa5c8f1b929_JaffaCakes118.exe
Size

192KB
MD5

af175acd9e1da5c5621b5aa5c8f1b929
SHA1

5192519242d2758a259489afe58a660a49bb98fb
SHA256

f2417653083b3009a0054a808951c5f50c6aacded3bb2c516fd70d96d8fab860
SHA512

b94c487e416048f45323d227d4019a6f2aa0a9e8e75bc65890386580805efc1dd67d14ec3bb45f801e76c484e44f33f7077729c3d5a07ee4dd21434999c546ef
SSDEEP

1536:sKgUtLQoTyQaVVVR7b9fLsVsZSUqOpBvglkkkkuLfKBnVKMkYIR3/XMFe:DgUtsoyQq9X6gBvglZYPXMFe

Score

7^/10

Deletes itself 1 IoCs

pid	Process
3000	cmd.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\del.bat	af175acd9e1da5c5621b5aa5c8f1b929_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2288	af175acd9e1da5c5621b5aa5c8f1b929_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2288	af175acd9e1da5c5621b5aa5c8f1b929_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 3000	2288	af175acd9e1da5c5621b5aa5c8f1b929_JaffaCakes118.exe	31
PID 2288 wrote to memory of 3000	2288	af175acd9e1da5c5621b5aa5c8f1b929_JaffaCakes118.exe	31
PID 2288 wrote to memory of 3000	2288	af175acd9e1da5c5621b5aa5c8f1b929_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\af175acd9e1da5c5621b5aa5c8f1b929_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\af175acd9e1da5c5621b5aa5c8f1b929_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Windows\system32\cmd.exe
  cmd /c ""C:\Windows\system32\del.bat" "
  2⤵
  - Deletes itself
  PID:3000

C:\Windows\System32\del.bat

Filesize
217B

MD5
e5f6618ceee81b485d333a9615588499

SHA1
56d3ef16de8e695cd65970c0a60e88282f06d8ba

SHA256
9d204dd0df61483d91dbf2afca7ae0be7560140e658817c05156db70951a657b

SHA512
bec91d2ac27b4b5cf89eec7713fdfef8308d401a709081d0083735c39449fde92720333ab88f5fdd838f1d5e5cfe67e438222275bfb33f9e5d49922bff4a5349

Download Submit
memory/2288-0-0x000007FEF57CE000-0x000007FEF57CF000-memory.dmp

Filesize
4KB

Download
memory/2288-10-0x000007FEF5510000-0x000007FEF5EAD000-memory.dmp

Filesize
9.6MB

Download