3bf2c814ade54ce77c12ad089043709d78281e6b0433fbbd8010663e01a976b8

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2025 22:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_f0794d5310c299d4ac102beda80eaea9.exe
Size

24KB
MD5

f0794d5310c299d4ac102beda80eaea9
SHA1

b308cb9f762bc27ce502ae5c9ed7deab7885f028
SHA256

3bf2c814ade54ce77c12ad089043709d78281e6b0433fbbd8010663e01a976b8
SHA512

1c5b323f445c258a1db87621e68c479b526f72097f3025b2698a06d6c6da1f4fc5ab5967d2a09d5de5b616c174456f886f83404251f11af9c371700d742390e4
SSDEEP

192:QNrAjPzOpqUg7oGtl7E3cCVLGxjMPeuxVGpwHVboitxI0:QNrAnAELb7r+u1Iu6FoizI0

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 56 IoCs

Web Service

T1102

flow	ioc
15	pastebin.com
16	pastebin.com
51	pastebin.com
70	pastebin.com
80	pastebin.com
91	pastebin.com
19	pastebin.com
64	pastebin.com
67	pastebin.com
82	pastebin.com
89	pastebin.com
21	pastebin.com
69	pastebin.com
25	pastebin.com
46	pastebin.com
87	pastebin.com
94	pastebin.com
31	pastebin.com
38	pastebin.com
85	pastebin.com
30	pastebin.com
79	pastebin.com
90	pastebin.com
47	pastebin.com
50	pastebin.com
68	pastebin.com
81	pastebin.com
54	pastebin.com
59	pastebin.com
63	pastebin.com
66	pastebin.com
76	pastebin.com
56	pastebin.com
32	pastebin.com
52	pastebin.com
65	pastebin.com
20	pastebin.com
48	pastebin.com
83	pastebin.com
53	pastebin.com
26	pastebin.com
77	pastebin.com
86	pastebin.com
88	pastebin.com
93	pastebin.com
61	pastebin.com
100	pastebin.com
29	pastebin.com
72	pastebin.com
78	pastebin.com
92	pastebin.com
95	pastebin.com
49	pastebin.com
55	pastebin.com
62	pastebin.com
84	pastebin.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2820	JaffaCakes118_f0794d5310c299d4ac102beda80eaea9.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f0794d5310c299d4ac102beda80eaea9.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f0794d5310c299d4ac102beda80eaea9.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2820-0-0x00007FFC0FC45000-0x00007FFC0FC46000-memory.dmp

Filesize
4KB

Download
memory/2820-1-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

Filesize
9.6MB

Download
memory/2820-2-0x000000001B700000-0x000000001BBCE000-memory.dmp

Filesize
4.8MB

Download
memory/2820-3-0x000000001B120000-0x000000001B1C6000-memory.dmp

Filesize
664KB

Download
memory/2820-4-0x000000001BC40000-0x000000001BCA2000-memory.dmp

Filesize
392KB

Download
memory/2820-5-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

Filesize
9.6MB

Download
memory/2820-6-0x00007FFC0FC45000-0x00007FFC0FC46000-memory.dmp

Filesize
4KB

Download
memory/2820-7-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

Filesize
9.6MB

Download
memory/2820-8-0x00007FFC0F990000-0x00007FFC10331000-memory.dmp

Filesize
9.6MB

Download