2539b7d829b55c519a119e457ed04c99953b46f0e4e4b17223b32b389f464149

Analysis

max time kernel
131s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 09:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c071cc024e061674adaac7639c1d6ccd_JaffaCakes118.exe
Size

89KB
MD5

c071cc024e061674adaac7639c1d6ccd
SHA1

3f464d167438750b174f27e294af906e6af62c9b
SHA256

2539b7d829b55c519a119e457ed04c99953b46f0e4e4b17223b32b389f464149
SHA512

afc0d840ff93a929635002092fb1ddd54caa9ba7ee13c4b963fecff491184116139aea04d1630cd9277d73f9ebf5c8e2a2ea37ed0b051781c0d653586ae726bb
SSDEEP

768:6RmECQsJcqWgXSBnsLe6pducAjx2pbZhpEO6e:6NCQsWq3LeyducG2jh2O6e

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3144	c071cc024e061674adaac7639c1d6ccd_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3144 wrote to memory of 1248	3144	c071cc024e061674adaac7639c1d6ccd_JaffaCakes118.exe	84
PID 3144 wrote to memory of 1248	3144	c071cc024e061674adaac7639c1d6ccd_JaffaCakes118.exe	84
PID 1248 wrote to memory of 372	1248	csc.exe	86
PID 1248 wrote to memory of 372	1248	csc.exe	86

C:\Users\Admin\AppData\Local\Temp\c071cc024e061674adaac7639c1d6ccd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c071cc024e061674adaac7639c1d6ccd_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3144
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\4f1ycy43\4f1ycy43.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1248
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5FD3.tmp" "c:\Users\Admin\AppData\Local\Temp\4f1ycy43\CSCB61B7A69772C4C89B9CCED934D85B6B.TMP"
    3⤵
    PID:372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4f1ycy43\4f1ycy43.dll

Filesize
9KB

MD5
d22c1b018874697ab96139f393904c13

SHA1
2d430faa61f00d45816235f167c1aae312631d2f

SHA256
f01574f2e729ebb4248698cbdfa8eb5e8e0128e02fdbf57857e29c0429097244

SHA512
f3032f278be0ec495a90a0a2f3821855d09987c8bb28eb4006fd1b098333645028e5f8fcc7724627ba5729a600f7d7576cad8fba03fcf842d492e33a819374e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES5FD3.tmp

Filesize
1KB

MD5
99ccd6f140bc96395440c2fe55b962d8

SHA1
e583b17a2f8ed4b08552db468fc9580f2b6f4caf

SHA256
668cc0538adb78345f7ace4fb7a33d327e9c1a95d3bb55ae2287459d33dd10bd

SHA512
7ff1de7b623528c5cc9380a8eb2c6e2f57785637daa934de424003817a6f9d0f3c9aa7ae15e13984d519a9cb1e417b77d83ee1c6556ede630b1fbf3b5d97d77a

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\4f1ycy43\4f1ycy43.0.cs

Filesize
6KB

MD5
ccdb48e943fea1ee0478c98f018e29ed

SHA1
252a50839aff2b14860fc98488e0a57f387af296

SHA256
a6c224e696004cd85f5fe01678f99adecd220f0535d3668e0cd0973647a2e136

SHA512
3f6d56979baba82f23e365aead9a1509304f1e5f2d8b22fdee5518aa52a034ceead063754e2551d525eba196d1ba031d46397266e3f9ecd2671a69a83d74d0d4

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\4f1ycy43\4f1ycy43.cmdline

Filesize
423B

MD5
1dea5a22b99cb989f96a8f980db3b7e9

SHA1
47b8ac7fd6f78cd22f95500d04ad589f4d080a55

SHA256
99c8db5e3a6b05c6e9c3aab0603155311f548ad93d2e6bb2fa15002a9c4d9033

SHA512
d00b32c73c4cd71959b1938bbf7173608807f4ab9cd6fe63642d68d3ecd77ead4161d1f89ecb30e67364cfa914257aa273c67821d4e5c23ca49a8ffc7bbf6998

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\4f1ycy43\CSCB61B7A69772C4C89B9CCED934D85B6B.TMP

Filesize
652B

MD5
78724cb02fab3dee64d3bbf2ed720dd4

SHA1
888c04bdc7fa2e757b80d4434f730428649216cb

SHA256
5a5d8ba22cbbedf93885725c3a8d2a1702e774b376c22b842e93fb2aa412cb88

SHA512
5ddc0601aea5c4054da6528e5342c66d1c5c721f535499c61e40b1cfa0a641f0841aa47c85c86691a2d13e65b14819f8996df2ff9e6458d467ee96ce9156ccdd

Download Submit
memory/3144-6-0x00007FFCB1360000-0x00007FFCB1E21000-memory.dmp

Filesize
10.8MB

Download
memory/3144-0-0x00007FFCB1363000-0x00007FFCB1365000-memory.dmp

Filesize
8KB

Download
memory/3144-15-0x0000000002FD0000-0x0000000002FD8000-memory.dmp

Filesize
32KB

Download
memory/3144-1-0x0000000000F40000-0x0000000000F5C000-memory.dmp

Filesize
112KB

Download
memory/3144-17-0x0000000003120000-0x0000000003132000-memory.dmp

Filesize
72KB

Download
memory/3144-18-0x0000000003180000-0x00000000031BC000-memory.dmp

Filesize
240KB

Download
memory/3144-19-0x00007FFCB1363000-0x00007FFCB1365000-memory.dmp

Filesize
8KB

Download
memory/3144-20-0x00007FFCB1360000-0x00007FFCB1E21000-memory.dmp

Filesize
10.8MB

Download
memory/3144-22-0x00007FFCB1360000-0x00007FFCB1E21000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads