Overview

overview

7

Static

static

3

f2b00b844b...18.exe

windows7-x64

7

f2b00b844b...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    16/04/2024, 04:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f2b00b844b03ba7fd666c9ac67082c7a_JaffaCakes118.exe

  • Size

    633KB

  • MD5

    f2b00b844b03ba7fd666c9ac67082c7a

  • SHA1

    0753b50e4eb048e0f07759d0e43cc8d9f9336790

  • SHA256

    c92d52915adc6b3a4502451466830c465e0777e38919eee71eb01e15c882f151

  • SHA512

    1fe5a359c96e1e0d2c7022f2fda25ed824646be09463e26dd58b4f2e064648fe2c70c44295b223cd80012ac76b278d3ec1979c6d46dbf8e03c4ffe891ffe10a8

  • SSDEEP

    12288:eS7kG3qDgB1r2KEVb3uJ+O0F3Z4mxx2DqVTVOCzQl:p7klw1rW+JN0QmXVVTzzQl

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f2b00b844b03ba7fd666c9ac67082c7a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f2b00b844b03ba7fd666c9ac67082c7a_JaffaCakes118.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\uninstal.bat
      2⤵
      • Deletes itself
      PID:2636
  • C:\Windows\Hacker.com.cn.exe
    C:\Windows\Hacker.com.cn.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3032

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\Hacker.com.cn.exe
          Filesize

          633KB

          MD5

          f2b00b844b03ba7fd666c9ac67082c7a

          SHA1

          0753b50e4eb048e0f07759d0e43cc8d9f9336790

          SHA256

          c92d52915adc6b3a4502451466830c465e0777e38919eee71eb01e15c882f151

          SHA512

          1fe5a359c96e1e0d2c7022f2fda25ed824646be09463e26dd58b4f2e064648fe2c70c44295b223cd80012ac76b278d3ec1979c6d46dbf8e03c4ffe891ffe10a8

          Download Submit

        • C:\Windows\uninstal.bat
          Filesize

          218B

          MD5

          0b95d32c9fb967e5272b5655546cd223

          SHA1

          2e3b12a355fc9f256e502139f088571f9c80220f

          SHA256

          a0699c5e131d704669f5e16d44dfd1a86309bf7abe990f328fb599e1bcc9d14a

          SHA512

          8593ba3d9d351546eebc97a41fd45377fbcd3b7847bbe20942132cebfd1f5f6ec15eaa40647b8b998a37248007e36cbf7373206d0f0f5581f5fa1a87b076c8f1

          Download Submit

        • memory/1988-14-0x0000000000270000-0x0000000000271000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1988-13-0x0000000000260000-0x0000000000261000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1988-9-0x0000000000650000-0x0000000000651000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1988-8-0x0000000001EF0000-0x0000000001EF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1988-7-0x0000000001EC0000-0x0000000001EC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1988-6-0x0000000001ED0000-0x0000000001ED1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1988-5-0x0000000000630000-0x0000000000631000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1988-4-0x0000000000640000-0x0000000000641000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1988-3-0x0000000001EE0000-0x0000000001EE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1988-2-0x0000000000660000-0x0000000000661000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1988-11-0x0000000003280000-0x0000000003283000-memory.dmp

          Filesize

          12KB

          Download

        • memory/1988-19-0x0000000000620000-0x0000000000621000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1988-18-0x0000000000690000-0x0000000000691000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1988-17-0x00000000032A0000-0x00000000032A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1988-16-0x00000000032B0000-0x00000000032B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1988-15-0x00000000032C0000-0x00000000032C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1988-10-0x0000000003290000-0x0000000003291000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1988-0-0x0000000000400000-0x000000000051F000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1988-1-0x00000000002C0000-0x0000000000314000-memory.dmp

          Filesize

          336KB

          Download

        • memory/1988-39-0x00000000002C0000-0x0000000000314000-memory.dmp

          Filesize

          336KB

          Download

        • memory/1988-38-0x0000000000400000-0x000000000051F000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1988-12-0x0000000003380000-0x0000000003381000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3032-26-0x0000000003260000-0x0000000003261000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3032-27-0x00000000031A0000-0x00000000031A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3032-28-0x0000000003190000-0x0000000003191000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3032-29-0x0000000003180000-0x0000000003181000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3032-30-0x00000000003B0000-0x00000000003B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3032-25-0x0000000003170000-0x0000000003171000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3032-24-0x0000000000520000-0x0000000000574000-memory.dmp

          Filesize

          336KB

          Download

        • memory/3032-23-0x0000000000400000-0x000000000051F000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3032-41-0x0000000000400000-0x000000000051F000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3032-42-0x0000000000520000-0x0000000000574000-memory.dmp

          Filesize

          336KB

          Download

        • memory/3032-44-0x00000000003B0000-0x00000000003B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3032-47-0x0000000000400000-0x000000000051F000-memory.dmp

          Filesize

          1.1MB

          Download