d131111b8dd626cf9d217fa4daff441fdfb4c71308841bf339659ab7eb803705

Analysis

max time kernel
139s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 04:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d54673be03f5ac0529ff7d08a3a814f_JaffaCakes118.exe
Size

178KB
MD5

2d54673be03f5ac0529ff7d08a3a814f
SHA1

976938d9bde06c0d7d23fa89be741d5b5d4c77d1
SHA256

d131111b8dd626cf9d217fa4daff441fdfb4c71308841bf339659ab7eb803705
SHA512

a62dceb92cf6ff25cfc495f4c94f9dbb754cc6bc60033bde32f39378526a5428d9955b6ebcd30283fa3e536560d6add0a244a59d232bf487f5096393e5110f0d
SSDEEP

1536:owz/ODxXYbN1Oz6B+uoIgs3Z/ObVtBZwMlTJ3ScZ45gQYK/TAJPT4Up4ewWrZ+yL:Vrtou45zbHbwaTJCcZ+2gTA51NJgyL

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3276	icacls.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2172	2d54673be03f5ac0529ff7d08a3a814f_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1644	java.exe
1644	java.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 1644	2172	2d54673be03f5ac0529ff7d08a3a814f_JaffaCakes118.exe	85
PID 2172 wrote to memory of 1644	2172	2d54673be03f5ac0529ff7d08a3a814f_JaffaCakes118.exe	85
PID 1644 wrote to memory of 3276	1644	java.exe	87
PID 1644 wrote to memory of 3276	1644	java.exe	87

C:\Users\Admin\AppData\Local\Temp\2d54673be03f5ac0529ff7d08a3a814f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2d54673be03f5ac0529ff7d08a3a814f_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Program Files\Java\jre-1.8\bin\java.exe
  "C:\Program Files\Java\jre-1.8\bin\java.exe" -jar C:\Users\Admin\AppData\Local\Temp\labymod-wininstaller/LabyMod3_Installer.jar
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1644
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:3276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
07b8904bb897c381cc337385d2f2ad9a

SHA1
b52079025d34bfeec0d8434d00ae0cabf2fd13ee

SHA256
3e95951f89798bff6b2aa58fe69270a4bca342c57a283c95c579f9dda0923918

SHA512
806a312629599ca73e71575fea725fe0e2bc6ecdf2ac1e101b28ec0157391604ad1eeeb321ceb59b9306db5a86292e12c193363c2897d2c0ee32bfcd5a5ab1d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\labymod-wininstaller\LabyMod3_Installer.jar

Filesize
1.2MB

MD5
746a78b327ca140e1f36e068fb7c711f

SHA1
8475acb133ec165f2b81b3664b4fb48ebbe1aa6b

SHA256
32fa0240eff609ed0ca082e0f4bc167527cbc928df0dc5dc02e679f9ef3ab4df

SHA512
cc09f42262499ddfad172d1e9e3a978aed5a6dad3f75be0ea6a615eb0ff1b94857970a83078bc820b81e80b036f509496516dab524a30214bb088564dfd8e266

Download Submit
memory/1644-108-0x0000020000430000-0x0000020000440000-memory.dmp

Filesize
64KB

Download
memory/1644-85-0x000002007BE60000-0x000002007BE61000-memory.dmp

Filesize
4KB

Download
memory/1644-28-0x0000020000270000-0x0000020000280000-memory.dmp

Filesize
64KB

Download
memory/1644-182-0x00000200004D0000-0x00000200004E0000-memory.dmp

Filesize
64KB

Download
memory/1644-11-0x0000020000000000-0x0000020000270000-memory.dmp

Filesize
2.4MB

Download
memory/1644-30-0x0000020000280000-0x0000020000290000-memory.dmp

Filesize
64KB

Download
memory/1644-32-0x0000020000290000-0x00000200002A0000-memory.dmp

Filesize
64KB

Download
memory/1644-34-0x00000200002A0000-0x00000200002B0000-memory.dmp

Filesize
64KB

Download
memory/1644-36-0x00000200002B0000-0x00000200002C0000-memory.dmp

Filesize
64KB

Download
memory/1644-38-0x00000200002C0000-0x00000200002D0000-memory.dmp

Filesize
64KB

Download
memory/1644-40-0x00000200002D0000-0x00000200002E0000-memory.dmp

Filesize
64KB

Download
memory/1644-107-0x0000020000420000-0x0000020000430000-memory.dmp

Filesize
64KB

Download
memory/1644-43-0x00000200002E0000-0x00000200002F0000-memory.dmp

Filesize
64KB

Download
memory/1644-47-0x0000020000300000-0x0000020000310000-memory.dmp

Filesize
64KB

Download
memory/1644-46-0x0000020000000000-0x0000020000270000-memory.dmp

Filesize
2.4MB

Download
memory/1644-53-0x0000020000320000-0x0000020000330000-memory.dmp

Filesize
64KB

Download
memory/1644-52-0x0000020000280000-0x0000020000290000-memory.dmp

Filesize
64KB

Download
memory/1644-51-0x0000020000310000-0x0000020000320000-memory.dmp

Filesize
64KB

Download
memory/1644-50-0x0000020000270000-0x0000020000280000-memory.dmp

Filesize
64KB

Download
memory/1644-56-0x0000020000330000-0x0000020000340000-memory.dmp

Filesize
64KB

Download
memory/1644-55-0x0000020000290000-0x00000200002A0000-memory.dmp

Filesize
64KB

Download
memory/1644-61-0x0000020000350000-0x0000020000360000-memory.dmp

Filesize
64KB

Download
memory/1644-60-0x0000020000340000-0x0000020000350000-memory.dmp

Filesize
64KB

Download
memory/1644-59-0x00000200002A0000-0x00000200002B0000-memory.dmp

Filesize
64KB

Download
memory/1644-70-0x00000200002C0000-0x00000200002D0000-memory.dmp

Filesize
64KB

Download
memory/1644-69-0x0000020000380000-0x0000020000390000-memory.dmp

Filesize
64KB

Download
memory/1644-75-0x00000200002E0000-0x00000200002F0000-memory.dmp

Filesize
64KB

Download
memory/1644-76-0x00000200003A0000-0x00000200003B0000-memory.dmp

Filesize
64KB

Download
memory/1644-73-0x0000020000390000-0x00000200003A0000-memory.dmp

Filesize
64KB

Download
memory/1644-72-0x00000200002D0000-0x00000200002E0000-memory.dmp

Filesize
64KB

Download
memory/1644-68-0x0000020000370000-0x0000020000380000-memory.dmp

Filesize
64KB

Download
memory/1644-67-0x0000020000360000-0x0000020000370000-memory.dmp

Filesize
64KB

Download
memory/1644-66-0x00000200002B0000-0x00000200002C0000-memory.dmp

Filesize
64KB

Download
memory/1644-79-0x00000200003B0000-0x00000200003C0000-memory.dmp

Filesize
64KB

Download
memory/1644-78-0x00000200002F0000-0x0000020000300000-memory.dmp

Filesize
64KB

Download
memory/1644-82-0x0000020000300000-0x0000020000310000-memory.dmp

Filesize
64KB

Download
memory/1644-84-0x00000200003C0000-0x00000200003D0000-memory.dmp

Filesize
64KB

Download
memory/1644-83-0x0000020000310000-0x0000020000320000-memory.dmp

Filesize
64KB

Download
memory/1644-106-0x0000020000380000-0x0000020000390000-memory.dmp

Filesize
64KB

Download
memory/1644-90-0x00000200003D0000-0x00000200003E0000-memory.dmp

Filesize
64KB

Download
memory/1644-92-0x00000200003E0000-0x00000200003F0000-memory.dmp

Filesize
64KB

Download
memory/1644-91-0x0000020000320000-0x0000020000330000-memory.dmp

Filesize
64KB

Download
memory/1644-96-0x00000200003F0000-0x0000020000400000-memory.dmp

Filesize
64KB

Download
memory/1644-95-0x0000020000330000-0x0000020000340000-memory.dmp

Filesize
64KB

Download
memory/1644-98-0x0000020000350000-0x0000020000360000-memory.dmp

Filesize
64KB

Download
memory/1644-99-0x0000020000400000-0x0000020000410000-memory.dmp

Filesize
64KB

Download
memory/1644-97-0x0000020000340000-0x0000020000350000-memory.dmp

Filesize
64KB

Download
memory/1644-103-0x0000020000410000-0x0000020000420000-memory.dmp

Filesize
64KB

Download
memory/1644-102-0x0000020000370000-0x0000020000380000-memory.dmp

Filesize
64KB

Download
memory/1644-101-0x0000020000360000-0x0000020000370000-memory.dmp

Filesize
64KB

Download
memory/1644-181-0x0000020000570000-0x0000020000580000-memory.dmp

Filesize
64KB

Download
memory/1644-44-0x00000200002F0000-0x0000020000300000-memory.dmp

Filesize
64KB

Download
memory/1644-24-0x000002007BE60000-0x000002007BE61000-memory.dmp

Filesize
4KB

Download
memory/1644-111-0x0000020000390000-0x00000200003A0000-memory.dmp

Filesize
64KB

Download
memory/1644-112-0x0000020000440000-0x0000020000450000-memory.dmp

Filesize
64KB

Download
memory/1644-114-0x000002007BE60000-0x000002007BE61000-memory.dmp

Filesize
4KB

Download
memory/1644-117-0x0000020000450000-0x0000020000460000-memory.dmp

Filesize
64KB

Download
memory/1644-116-0x00000200003A0000-0x00000200003B0000-memory.dmp

Filesize
64KB

Download
memory/1644-122-0x00000200003B0000-0x00000200003C0000-memory.dmp

Filesize
64KB

Download
memory/1644-127-0x0000020000490000-0x00000200004A0000-memory.dmp

Filesize
64KB

Download
memory/1644-123-0x0000020000460000-0x0000020000470000-memory.dmp

Filesize
64KB

Download
memory/1644-126-0x00000200003C0000-0x00000200003D0000-memory.dmp

Filesize
64KB

Download
memory/1644-125-0x0000020000480000-0x0000020000490000-memory.dmp

Filesize
64KB

Download
memory/1644-124-0x0000020000470000-0x0000020000480000-memory.dmp

Filesize
64KB

Download
memory/1644-131-0x00000200004A0000-0x00000200004B0000-memory.dmp

Filesize
64KB

Download
memory/1644-130-0x00000200003D0000-0x00000200003E0000-memory.dmp

Filesize
64KB

Download
memory/1644-134-0x00000200004B0000-0x00000200004C0000-memory.dmp

Filesize
64KB

Download
memory/1644-133-0x00000200003E0000-0x00000200003F0000-memory.dmp

Filesize
64KB

Download
memory/1644-137-0x00000200003F0000-0x0000020000400000-memory.dmp

Filesize
64KB

Download
memory/1644-138-0x00000200004C0000-0x00000200004D0000-memory.dmp

Filesize
64KB

Download
memory/1644-139-0x000002007BE60000-0x000002007BE61000-memory.dmp

Filesize
4KB

Download
memory/1644-145-0x00000200004E0000-0x00000200004F0000-memory.dmp

Filesize
64KB

Download
memory/1644-144-0x00000200004D0000-0x00000200004E0000-memory.dmp

Filesize
64KB

Download
memory/1644-146-0x00000200004F0000-0x0000020000500000-memory.dmp

Filesize
64KB

Download
memory/1644-143-0x0000020000400000-0x0000020000410000-memory.dmp

Filesize
64KB

Download
memory/1644-156-0x0000020000530000-0x0000020000540000-memory.dmp

Filesize
64KB

Download
memory/1644-155-0x0000020000520000-0x0000020000530000-memory.dmp

Filesize
64KB

Download
memory/1644-161-0x0000020000540000-0x0000020000550000-memory.dmp

Filesize
64KB

Download
memory/1644-160-0x0000020000510000-0x0000020000520000-memory.dmp

Filesize
64KB

Download
memory/1644-159-0x0000020000430000-0x0000020000440000-memory.dmp

Filesize
64KB

Download
memory/1644-158-0x0000020000420000-0x0000020000430000-memory.dmp

Filesize
64KB

Download
memory/1644-154-0x0000020000500000-0x0000020000510000-memory.dmp

Filesize
64KB

Download
memory/1644-165-0x0000020000550000-0x0000020000560000-memory.dmp

Filesize
64KB

Download
memory/1644-164-0x0000020000440000-0x0000020000450000-memory.dmp

Filesize
64KB

Download
memory/1644-153-0x0000020000410000-0x0000020000420000-memory.dmp

Filesize
64KB

Download
memory/1644-152-0x000002007BE60000-0x000002007BE61000-memory.dmp

Filesize
4KB

Download
memory/1644-168-0x000002007BE60000-0x000002007BE61000-memory.dmp

Filesize
4KB

Download
memory/1644-171-0x0000020000560000-0x0000020000570000-memory.dmp

Filesize
64KB

Download
memory/1644-170-0x0000020000460000-0x0000020000470000-memory.dmp

Filesize
64KB

Download
memory/1644-169-0x0000020000450000-0x0000020000460000-memory.dmp

Filesize
64KB

Download
memory/1644-174-0x0000020000470000-0x0000020000480000-memory.dmp

Filesize
64KB

Download
memory/1644-175-0x0000020000480000-0x0000020000490000-memory.dmp

Filesize
64KB

Download
memory/1644-176-0x0000020000490000-0x00000200004A0000-memory.dmp

Filesize
64KB

Download
memory/1644-177-0x00000200004A0000-0x00000200004B0000-memory.dmp

Filesize
64KB

Download
memory/1644-178-0x00000200004B0000-0x00000200004C0000-memory.dmp

Filesize
64KB

Download
memory/1644-180-0x00000200004C0000-0x00000200004D0000-memory.dmp

Filesize
64KB

Download
memory/2172-1-0x00007FF974E43000-0x00007FF974E45000-memory.dmp

Filesize
8KB

Download
memory/2172-0-0x00000000002D0000-0x00000000002F4000-memory.dmp

Filesize
144KB

Download
memory/2172-2-0x0000000000980000-0x00000000009CE000-memory.dmp

Filesize
312KB

Download
memory/2172-3-0x00007FF974E40000-0x00007FF975901000-memory.dmp

Filesize
10.8MB

Download
memory/2172-4-0x00007FF974E40000-0x00007FF975901000-memory.dmp

Filesize
10.8MB

Download
memory/2172-8-0x00007FF974E40000-0x00007FF975901000-memory.dmp

Filesize
10.8MB

Download