18e658ec363968bf44dd6fcc8fb015a34441c346b8c196d0ae320173d48b98d0

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
30-12-2024 06:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_18e658ec363968bf44dd6fcc8fb015a34441c346b8c196d0ae320173d48b98d0.exe
Size

906.0MB
MD5

4e3fcd320f3c09ce853af113918939d5
SHA1

de2cb6ccbf2d91b5ffdd1091bab5ec20bb90aa2b
SHA256

18e658ec363968bf44dd6fcc8fb015a34441c346b8c196d0ae320173d48b98d0
SHA512

2f1cd98e4b822acacde9499b89cb0ca194eaee3deb8e1a8c1028d70811356c5ded156966b50c4aeb2489b88c2f88469fdb26a52e6f1920f8cdd38b8abc190ae7
SSDEEP

98304:x0A+OS/5mKctYIWOcNZE5JJKqEDkwhrrm5jMtunv:x0A05zH

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2340	JaffaCakes118_18e658ec363968bf44dd6fcc8fb015a34441c346b8c196d0ae320173d48b98d0.exe
2340	JaffaCakes118_18e658ec363968bf44dd6fcc8fb015a34441c346b8c196d0ae320173d48b98d0.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2340	JaffaCakes118_18e658ec363968bf44dd6fcc8fb015a34441c346b8c196d0ae320173d48b98d0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 936	2340	JaffaCakes118_18e658ec363968bf44dd6fcc8fb015a34441c346b8c196d0ae320173d48b98d0.exe	31
PID 2340 wrote to memory of 936	2340	JaffaCakes118_18e658ec363968bf44dd6fcc8fb015a34441c346b8c196d0ae320173d48b98d0.exe	31
PID 2340 wrote to memory of 936	2340	JaffaCakes118_18e658ec363968bf44dd6fcc8fb015a34441c346b8c196d0ae320173d48b98d0.exe	31
PID 2340 wrote to memory of 936	2340	JaffaCakes118_18e658ec363968bf44dd6fcc8fb015a34441c346b8c196d0ae320173d48b98d0.exe	31

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_18e658ec363968bf44dd6fcc8fb015a34441c346b8c196d0ae320173d48b98d0.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_18e658ec363968bf44dd6fcc8fb015a34441c346b8c196d0ae320173d48b98d0.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2340-0-0x000007FEF4F13000-0x000007FEF4F14000-memory.dmp

Filesize
4KB

Download
memory/2340-1-0x00000000011B0000-0x0000000001342000-memory.dmp

Filesize
1.6MB

Download
memory/2340-2-0x00000000006E0000-0x000000000076C000-memory.dmp

Filesize
560KB

Download
memory/2340-3-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-18-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-20-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-50-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-52-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-64-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-66-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-63-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-60-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-58-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-56-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-54-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-48-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-47-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-44-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-42-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-40-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-38-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-36-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-34-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-32-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-30-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-28-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-26-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-24-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-22-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-16-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-14-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-12-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-10-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-8-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-6-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-4-0x00000000006E0000-0x0000000000767000-memory.dmp

Filesize
540KB

Download
memory/2340-67-0x000007FEF4F10000-0x000007FEF58FC000-memory.dmp

Filesize
9.9MB

Download
memory/2340-68-0x000007FEF4F10000-0x000007FEF58FC000-memory.dmp

Filesize
9.9MB

Download