Overview

overview

5

Static

static

3

0c50346181...18.exe

windows7-x64

5

0c50346181...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-10-2024 20:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0c503461814637dfa29836cd4efddef6_JaffaCakes118.exe

  • Size

    304KB

  • MD5

    0c503461814637dfa29836cd4efddef6

  • SHA1

    768cb7a61273806850287fb711e4b39b69f75399

  • SHA256

    bd5c54fe8589b6fce8fa83e7735ac4b51fc9c2fcc85cd2331d45bfa21151f6f8

  • SHA512

    7ba282fdd7b184033ee4e58525d5eed60377e3220d6e1998cc01e1a151eb37f5aaaf42bd3f4da9021342f9f001116f151a98ec48409a2f4c95608ba4ef56a401

  • SSDEEP

    6144:a0iMIPMXQbH+wXktj9Py68P+nVP59/LCrrqtOQCth3B:a0iMFQbewXQj9666+VBNuqJCthR

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 46 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c503461814637dfa29836cd4efddef6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0c503461814637dfa29836cd4efddef6_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1480
    • C:\Users\Admin\AppData\Local\Temp\0c503461814637dfa29836cd4efddef6_JaffaCakes118.exe
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3248
      • C:\Users\Admin\AppData\Local\Temp\0c503461814637dfa29836cd4efddef6_JaffaCakes118.exe
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:700
        • C:\Users\Admin\AppData\Local\Temp\0c503461814637dfa29836cd4efddef6_JaffaCakes118.exe
          4⤵
          • Suspicious use of SetThreadContext
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:796
          • C:\Users\Admin\AppData\Local\Temp\0c503461814637dfa29836cd4efddef6_JaffaCakes118.exe
            5⤵
            • Suspicious use of SetThreadContext
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1468
            • C:\Users\Admin\AppData\Local\Temp\0c503461814637dfa29836cd4efddef6_JaffaCakes118.exe
              6⤵
              • Suspicious use of SetThreadContext
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:3668
              • C:\Users\Admin\AppData\Local\Temp\0c503461814637dfa29836cd4efddef6_JaffaCakes118.exe
                7⤵
                • Suspicious use of SetThreadContext
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1252
                • C:\Users\Admin\AppData\Local\Temp\0c503461814637dfa29836cd4efddef6_JaffaCakes118.exe
                  8⤵
                  • Suspicious use of SetThreadContext
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:4364
                  • C:\Users\Admin\AppData\Local\Temp\0c503461814637dfa29836cd4efddef6_JaffaCakes118.exe
                    9⤵
                    • Suspicious use of UnmapMainImage
                    PID:4628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\0c503461814637dfa29836cd4efddef6_JaffaCakes118.exe.log
    Filesize

    128B

    MD5

    3d238ac6dd6710907edf2ad7893a0ed2

    SHA1

    b07aaeeb31bdc6e94097a254be088b092dc1fb68

    SHA256

    02d215d5b6ea166e6c4c4669547cbadecbb427d5baf394fbffc7ef374a967501

    SHA512

    c358aa68303aa99ebc019014b4c1fc2fbfa98733f1ea863bf78ca2b877dc5c610121115432d96504df9e43bdda637b067359b07228b6f129bc5ec9a01ed3ee24

    Download Submit

  • memory/700-16-0x00007FFBC2CB0000-0x00007FFBC3651000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/700-15-0x00007FFBC2CB0000-0x00007FFBC3651000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/700-14-0x00007FFBC2CB0000-0x00007FFBC3651000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/700-13-0x00007FFBC2CB0000-0x00007FFBC3651000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1480-4-0x000000001BC60000-0x000000001BC88000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1480-6-0x00007FFBC2CB0000-0x00007FFBC3651000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1480-9-0x00007FFBC2CB0000-0x00007FFBC3651000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1480-0-0x00007FFBC2F65000-0x00007FFBC2F66000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1480-3-0x00007FFBC2CB0000-0x00007FFBC3651000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1480-2-0x000000001BB20000-0x000000001BB30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1480-1-0x00007FFBC2CB0000-0x00007FFBC3651000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3248-10-0x00007FFBC2CB0000-0x00007FFBC3651000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3248-8-0x00007FFBC2CB0000-0x00007FFBC3651000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3248-11-0x00007FFBC2CB0000-0x00007FFBC3651000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3248-12-0x00007FFBC2CB0000-0x00007FFBC3651000-memory.dmp

    Filesize

    9.6MB

    Download