9ae291c1846c4446cf87fd9a20fe1bfa63e7a5509e72c4cc98ca87daf7092539

Analysis

max time kernel
144s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/10/2024, 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Size

112KB
MD5

5488e4d74e95282b7e889f4351c3bceb
SHA1

316420d9cb08b54486ab4c4f009eef2fc4a09bfc
SHA256

9ae291c1846c4446cf87fd9a20fe1bfa63e7a5509e72c4cc98ca87daf7092539
SHA512

068ba113a2c7af3aa947d09b68bb30daf3087d0b2aa4e1c011880c51bedf47a742496c608fb2a9005c9506cd9041f2911fc121c3e9290250bb0efa4a0f44b3db
SSDEEP

1536:Tm0tA/ypRDjmEsIA7ULiZstfm/qAiQ76MQPfrL0Xj+NpyD2Wt7r7K8EbW:Tm0tA/4jfaU1f3AiMIPMX+xWtzKn

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 62 IoCs

description	pid	Process	procid_target
PID 1688 set thread context of 2068	1688	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	84
PID 2068 set thread context of 4564	2068	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	85
PID 4564 set thread context of 3540	4564	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	86
PID 3540 set thread context of 3536	3540	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	88
PID 3536 set thread context of 4292	3536	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	90
PID 4292 set thread context of 4632	4292	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	91
PID 4632 set thread context of 232	4632	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	92
PID 232 set thread context of 1656	232	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	94
PID 1656 set thread context of 5052	1656	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	95
PID 5052 set thread context of 3312	5052	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	96
PID 3312 set thread context of 2464	3312	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	97
PID 2464 set thread context of 4544	2464	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	98
PID 4544 set thread context of 3744	4544	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	99
PID 3744 set thread context of 2920	3744	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	100
PID 2920 set thread context of 3404	2920	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	101
PID 3404 set thread context of 3028	3404	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	104
PID 3028 set thread context of 4008	3028	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	105
PID 4008 set thread context of 1824	4008	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	106
PID 1824 set thread context of 1536	1824	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	107
PID 1536 set thread context of 1276	1536	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	108
PID 1276 set thread context of 4928	1276	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	109
PID 4928 set thread context of 3188	4928	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	110
PID 3188 set thread context of 5080	3188	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	111
PID 5080 set thread context of 4440	5080	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	112
PID 4440 set thread context of 4952	4440	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	114
PID 4952 set thread context of 1948	4952	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	116
PID 1948 set thread context of 1652	1948	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	117
PID 1652 set thread context of 1136	1652	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	118
PID 1136 set thread context of 2140	1136	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	119
PID 2140 set thread context of 1792	2140	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	120
PID 1792 set thread context of 2444	1792	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	121
PID 2444 set thread context of 3360	2444	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	122
PID 3360 set thread context of 5040	3360	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	123
PID 5040 set thread context of 2556	5040	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	124
PID 2556 set thread context of 1032	2556	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	125
PID 1032 set thread context of 4348	1032	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	126
PID 4348 set thread context of 3020	4348	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	127
PID 3020 set thread context of 4360	3020	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	128
PID 4360 set thread context of 208	4360	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	129
PID 208 set thread context of 3952	208	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	130
PID 3952 set thread context of 1484	3952	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	131
PID 1484 set thread context of 2712	1484	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	132
PID 2712 set thread context of 4948	2712	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	133
PID 4948 set thread context of 2460	4948	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	134
PID 2460 set thread context of 2344	2460	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	135
PID 2344 set thread context of 4964	2344	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	136
PID 4964 set thread context of 4500	4964	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	137
PID 4500 set thread context of 3436	4500	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	138
PID 3436 set thread context of 3208	3436	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	140
PID 3208 set thread context of 4216	3208	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	141
PID 4216 set thread context of 2588	4216	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	142
PID 2588 set thread context of 3700	2588	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	143
PID 3700 set thread context of 1640	3700	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	144
PID 1640 set thread context of 3368	1640	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	145
PID 3368 set thread context of 3552	3368	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	146
PID 3552 set thread context of 4376	3552	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	147
PID 4376 set thread context of 1620	4376	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	148
PID 1620 set thread context of 5064	1620	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	149
PID 5064 set thread context of 2872	5064	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	150
PID 2872 set thread context of 4884	2872	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	151
PID 4884 set thread context of 4880	4884	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	152
PID 4880 set thread context of 544	4880	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	153

Suspicious use of AdjustPrivilegeToken 62 IoCs

description	pid	Process
Token: SeDebugPrivilege	1688	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	2068	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	4564	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	3540	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	3536	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	4292	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	4632	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	232	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	1656	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	5052	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	3312	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	2464	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	4544	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	3744	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	2920	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	3404	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	3028	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	4008	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	1824	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	1536	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	1276	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	4928	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	3188	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	5080	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	4440	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	4952	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	1948	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	1652	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	1136	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	2140	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	1792	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	2444	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	3360	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	5040	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	2556	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	1032	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	4348	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	3020	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	4360	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	208	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	3952	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	1484	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	2712	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	4948	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	2460	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	2344	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	4964	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	4500	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	3436	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	3208	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	4216	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	2588	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	3700	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	1640	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	3368	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	3552	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	4376	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	1620	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	5064	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	2872	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	4884	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
Token: SeDebugPrivilege	4880	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2068	1688	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	84
PID 1688 wrote to memory of 2068	1688	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	84
PID 2068 wrote to memory of 4564	2068	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	85
PID 2068 wrote to memory of 4564	2068	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	85
PID 2068 wrote to memory of 4564	2068	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	85
PID 2068 wrote to memory of 4564	2068	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	85
PID 2068 wrote to memory of 4564	2068	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	85
PID 4564 wrote to memory of 3540	4564	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	86
PID 4564 wrote to memory of 3540	4564	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	86
PID 4564 wrote to memory of 3540	4564	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	86
PID 4564 wrote to memory of 3540	4564	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	86
PID 4564 wrote to memory of 3540	4564	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	86
PID 3540 wrote to memory of 3536	3540	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	88
PID 3540 wrote to memory of 3536	3540	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	88
PID 3540 wrote to memory of 3536	3540	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	88
PID 3540 wrote to memory of 3536	3540	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	88
PID 3540 wrote to memory of 3536	3540	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	88
PID 3536 wrote to memory of 4292	3536	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	90
PID 3536 wrote to memory of 4292	3536	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	90
PID 4292 wrote to memory of 4632	4292	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	91
PID 4292 wrote to memory of 4632	4292	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	91
PID 4292 wrote to memory of 4632	4292	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	91
PID 4292 wrote to memory of 4632	4292	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	91
PID 4292 wrote to memory of 4632	4292	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	91
PID 4632 wrote to memory of 232	4632	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	92
PID 4632 wrote to memory of 232	4632	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	92
PID 232 wrote to memory of 1656	232	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	94
PID 232 wrote to memory of 1656	232	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	94
PID 232 wrote to memory of 1656	232	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	94
PID 232 wrote to memory of 1656	232	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	94
PID 232 wrote to memory of 1656	232	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	94
PID 1656 wrote to memory of 5052	1656	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	95
PID 1656 wrote to memory of 5052	1656	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	95
PID 1656 wrote to memory of 5052	1656	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	95
PID 1656 wrote to memory of 5052	1656	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	95
PID 1656 wrote to memory of 5052	1656	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	95
PID 5052 wrote to memory of 3312	5052	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	96
PID 5052 wrote to memory of 3312	5052	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	96
PID 5052 wrote to memory of 3312	5052	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	96
PID 5052 wrote to memory of 3312	5052	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	96
PID 5052 wrote to memory of 3312	5052	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	96
PID 3312 wrote to memory of 2464	3312	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	97
PID 3312 wrote to memory of 2464	3312	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	97
PID 3312 wrote to memory of 2464	3312	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	97
PID 3312 wrote to memory of 2464	3312	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	97
PID 3312 wrote to memory of 2464	3312	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	97
PID 2464 wrote to memory of 4544	2464	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	98
PID 2464 wrote to memory of 4544	2464	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	98
PID 2464 wrote to memory of 4544	2464	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	98
PID 2464 wrote to memory of 4544	2464	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	98
PID 2464 wrote to memory of 4544	2464	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	98
PID 4544 wrote to memory of 3744	4544	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	99
PID 4544 wrote to memory of 3744	4544	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	99
PID 4544 wrote to memory of 3744	4544	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	99
PID 4544 wrote to memory of 3744	4544	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	99
PID 4544 wrote to memory of 3744	4544	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	99
PID 3744 wrote to memory of 2920	3744	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	100
PID 3744 wrote to memory of 2920	3744	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	100
PID 3744 wrote to memory of 2920	3744	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	100
PID 3744 wrote to memory of 2920	3744	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	100
PID 3744 wrote to memory of 2920	3744	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	100
PID 2920 wrote to memory of 3404	2920	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	101
PID 2920 wrote to memory of 3404	2920	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	101
PID 3404 wrote to memory of 3028	3404	5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe	104

C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2068
- - C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
    3⤵
    - Suspicious use of SetThreadContext
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
      4⤵
      Suspicious use of SetThreadContext
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        5⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        6⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        7⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        8⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        9⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        10⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        11⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        12⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        13⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        14⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        15⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        16⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        17⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        18⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        19⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        20⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        21⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        22⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        23⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        24⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        25⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        26⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        27⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        28⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        29⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        30⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        31⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        32⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        33⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        34⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        35⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        36⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        37⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        38⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        39⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        40⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        41⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        42⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        43⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        44⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        45⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        46⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        47⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        48⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        49⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        50⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        51⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        52⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        53⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        54⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        55⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        56⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        57⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        58⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        59⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        60⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        61⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        62⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe
        
        63⤵
        
        PID:544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\5488e4d74e95282b7e889f4351c3bceb_JaffaCakes118.exe.log

Filesize
128B

MD5
3d238ac6dd6710907edf2ad7893a0ed2

SHA1
b07aaeeb31bdc6e94097a254be088b092dc1fb68

SHA256
02d215d5b6ea166e6c4c4669547cbadecbb427d5baf394fbffc7ef374a967501

SHA512
c358aa68303aa99ebc019014b4c1fc2fbfa98733f1ea863bf78ca2b877dc5c610121115432d96504df9e43bdda637b067359b07228b6f129bc5ec9a01ed3ee24

Download Submit
memory/1688-7-0x00007FFD67E80000-0x00007FFD68821000-memory.dmp

Filesize
9.6MB

Download
memory/1688-2-0x0000000000C10000-0x0000000000C20000-memory.dmp

Filesize
64KB

Download
memory/1688-3-0x000000001B240000-0x000000001B268000-memory.dmp

Filesize
160KB

Download
memory/1688-4-0x00007FFD67E80000-0x00007FFD68821000-memory.dmp

Filesize
9.6MB

Download
memory/1688-1-0x00007FFD67E80000-0x00007FFD68821000-memory.dmp

Filesize
9.6MB

Download
memory/1688-0-0x00007FFD68135000-0x00007FFD68136000-memory.dmp

Filesize
4KB

Download
memory/1688-8-0x00007FFD67E80000-0x00007FFD68821000-memory.dmp

Filesize
9.6MB

Download
memory/2068-9-0x00007FFD67E80000-0x00007FFD68821000-memory.dmp

Filesize
9.6MB

Download
memory/2068-10-0x00007FFD67E80000-0x00007FFD68821000-memory.dmp

Filesize
9.6MB

Download
memory/2068-11-0x00007FFD67E80000-0x00007FFD68821000-memory.dmp

Filesize
9.6MB

Download
memory/2068-12-0x00007FFD67E80000-0x00007FFD68821000-memory.dmp

Filesize
9.6MB

Download
memory/4564-13-0x00007FFD67E80000-0x00007FFD68821000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads