Analysis Overview
SHA256
788f64aca414214dddfb7e213559ad8f112c388d4a1d60907a3bda94e1f96a63
Threat Level: Shows suspicious behavior
The file a906ec29b3aca3698c50749a8ddda7bc_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
UPX packed file
Loads dropped DLL
Executes dropped EXE
Writes to the Master Boot Record (MBR)
Unsigned PE
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-14 09:44
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 09:44
Reported
2024-06-14 09:47
Platform
win7-20240508-en
Max time kernel
146s
Max time network
149s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~3734550675943398405~\sg.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\netmon\360SpeedTest.exe | N/A |
Loads dropped DLL
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\netmon\360SpeedTest.exe | N/A |
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\netmon\360SpeedTest.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\netmon\360SpeedTest.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a906ec29b3aca3698c50749a8ddda7bc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a906ec29b3aca3698c50749a8ddda7bc_JaffaCakes118.exe"
C:\Windows\system32\cmd.exe
cmd.exe /c set
C:\Users\Admin\AppData\Local\Temp\~3734550675943398405~\sg.tmp
7zG_exe x "C:\Users\Admin\AppData\Local\Temp\a906ec29b3aca3698c50749a8ddda7bc_JaffaCakes118.exe" -y -aoa -o"C:\Users\Admin\AppData\Local\Temp\~8090210575028580872"
C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\netmon\360SpeedTest.exe
"C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\netmon\360SpeedTest.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.360.cn | udp |
| US | 8.8.8.8:53 | s.conf.wsm.360.cn | udp |
| US | 8.8.8.8:53 | s.conf.wsm.360.cn | udp |
| US | 8.8.8.8:53 | speed.netmon.360safe.com | udp |
| US | 8.8.8.8:53 | u.qurl.f.360.cn | udp |
| US | 8.8.8.8:53 | cdn.api.ip.360.cn | udp |
| US | 8.8.8.8:53 | qurl.f.360.cn | udp |
| US | 8.8.8.8:53 | kdjs.fangyb.com | udp |
| US | 8.8.8.8:53 | qurl.f.360.cn | udp |
| US | 8.8.8.8:53 | qurl.f.360.cn | udp |
| US | 8.8.8.8:53 | s.360.cn | udp |
| US | 8.8.8.8:53 | speed.netmon.360safe.com | udp |
| N/A | 255.255.255.255:3600 | | udp |
| US | 8.8.8.8:53 | dldir1.qq.com | udp |
| US | 8.8.8.8:53 | st.p.360.cn | udp |
| US | 8.8.8.8:53 | softdlc.360tpcdn.com | udp |
| US | 8.8.8.8:53 | softdlc.360tpcdn.com | udp |
| US | 8.8.8.8:53 | softdlc.360tpcdn.com | udp |
| US | 8.8.8.8:53 | bigsoftdlc.360tpcdn.com | udp |
| US | 8.8.8.8:53 | softdlc.360tpcdn.com | udp |
| US | 8.8.8.8:53 | softdlc.360tpcdn.com | udp |
| US | 8.8.8.8:53 | softdlc.360tpcdn.com | udp |
| US | 8.8.8.8:53 | dldir1.qq.com | udp |
| US | 8.8.8.8:53 | agd2.p.360.cn | udp |
| US | 8.8.8.8:53 | agd2.p.360.cn | udp |
| US | 8.8.8.8:53 | agd2.p.360.cn | udp |
| US | 8.8.8.8:53 | agd2.p.360.cn | udp |
| US | 8.8.8.8:53 | agd2.p.360.cn | udp |
| US | 8.8.8.8:53 | agd2.p.360.cn | udp |
| US | 8.8.8.8:53 | agd2.p.360.cn | udp |
| US | 8.8.8.8:53 | agd2.p.360.cn | udp |
| US | 8.8.8.8:53 | agd2.p.360.cn | udp |
| US | 8.8.8.8:53 | softdlc.360tpcdn.com | udp |
| US | 8.8.8.8:53 | bigsoftdlc.360tpcdn.com | udp |
| US | 8.8.8.8:53 | bigsoftdlc.360tpcdn.com | udp |
| US | 8.8.8.8:53 | agd2.p.360.cn | udp |
| US | 8.8.8.8:53 | tr.p.360.cn | udp |
| US | 8.8.8.8:53 | agt.p.360.cn | udp |
| N/A | 127.0.0.1:3601 | | udp |
| US | 8.8.8.8:53 | speed.netmon.360safe.com | udp |
| US | 8.8.8.8:53 | softdlc.360tpcdn.com | udp |
| US | 8.8.8.8:53 | softdlc.360tpcdn.com | udp |
| US | 8.8.8.8:53 | softdlc.360tpcdn.com | udp |
| US | 8.8.8.8:53 | softdlc.360tpcdn.com | udp |
| US | 8.8.8.8:53 | bigsoftdlc.360tpcdn.com | udp |
| US | 8.8.8.8:53 | softdlc.360tpcdn.com | udp |
| US | 8.8.8.8:53 | softdlc.360tpcdn.com | udp |
| US | 8.8.8.8:53 | softdlc.360tpcdn.com | udp |
| US | 8.8.8.8:53 | bigsoftdlc.360tpcdn.com | udp |
| US | 8.8.8.8:53 | bigsoftdlc.360tpcdn.com | udp |
| US | 8.8.8.8:53 | agd2.p.360.cn | udp |
| US | 8.8.8.8:53 | dldir1.qq.com | udp |
| US | 8.8.8.8:53 | dldir1.qq.com | udp |
| US | 8.8.8.8:53 | agd2.p.360.cn | udp |
| US | 8.8.8.8:53 | agd2.p.360.cn | udp |
| US | 8.8.8.8:53 | agd2.p.360.cn | udp |
| US | 8.8.8.8:53 | agd2.p.360.cn | udp |
| US | 8.8.8.8:53 | agd2.p.360.cn | udp |
| US | 8.8.8.8:53 | agd2.p.360.cn | udp |
| US | 8.8.8.8:53 | agd2.p.360.cn | udp |
| US | 8.8.8.8:53 | agd2.p.360.cn | udp |
| US | 8.8.8.8:53 | agd2.p.360.cn | udp |
| CN | 180.153.227.168:80 | | udp |
| US | 8.8.8.8:53 | speedtest.360.cn | udp |
| US | 8.8.8.8:53 | speed.netmon.360safe.com | udp |
| US | 8.8.8.8:53 | speedtest.360.cn | udp |
| US | 8.8.8.8:53 | speed.netmon.360safe.com | udp |
| US | 8.8.8.8:53 | speedtest.360.cn | udp |
| US | 8.8.8.8:53 | speed.netmon.360safe.com | udp |
| US | 8.8.8.8:53 | speedtest.360.cn | udp |
| US | 8.8.8.8:53 | speed.netmon.360safe.com | udp |
| US | 8.8.8.8:53 | speedtest.360.cn | udp |
| US | 8.8.8.8:53 | speed.netmon.360safe.com | udp |
| US | 8.8.8.8:53 | speedtest.360.cn | udp |
| US | 8.8.8.8:53 | speed.netmon.360safe.com | udp |
| US | 8.8.8.8:53 | speedtest.360.cn | udp |
| US | 8.8.8.8:53 | speed.netmon.360safe.com | udp |
| US | 8.8.8.8:53 | speedtest.360.cn | udp |
| US | 8.8.8.8:53 | speed.netmon.360safe.com | udp |
| US | 8.8.8.8:53 | speedtest.360.cn | udp |
| US | 8.8.8.8:53 | speedtest.360.cn | udp |
Files
memory/1852-0-0x0000000000400000-0x0000000000549000-memory.dmp
\Users\Admin\AppData\Local\Temp\~3734550675943398405~\sg.tmp
| MD5 | 7c4718943bd3f66ebdb47ccca72c7b1e |
| SHA1 | f9edfaa7adb8fa528b2e61b2b251f18da10a6969 |
| SHA256 | 4cc32d00338fc7b206a7c052297acf9ac304ae7de9d61a2475a116959c1524fc |
| SHA512 | e18c40d646fa4948f90f7471da55489df431f255041ebb6dcef86346f91078c9b27894e27216a4b2fe2a1c5e501c7953c77893cf696930123d28a322d49e1516 |
\Users\Admin\AppData\Local\Temp\~8090210575028580872\netmon\360SpeedTest.exe
| MD5 | 3f9d76758b9840641d2a0c77903cd00f |
| SHA1 | ad460937ded63ab52ab5475346e62750521e4b9e |
| SHA256 | 1f46e635f5bf22424bfbd06359e10ad16badd872d6b7d6d11809653315cb8dde |
| SHA512 | 83c3280a7dffe2c58742fff681e8ac5850225085f70b1701447bb6f640819a87e9f1525ca6b79a919d38247b3209d3685c41971cd0ed25344b2a9c71750125e7 |
C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\360Base.dll
| MD5 | 3d5428389f04ce1f35b1ea5b637db05c |
| SHA1 | 187313f4e32e14f6ebb7b8258e40075f9f7fa246 |
| SHA256 | 50773f6c715015e63cbd17148477f1025a5972ceb80abfacae74fbd89b7de01f |
| SHA512 | 7a04b0cc8099c965d2bb050ac095094909900e323aaf7eeb945158bfc8c833a5e3ff83a4e41878cd10313dab9f8bd2f62c562d4e2787d8e8182e91e1b1f57658 |
C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\360util.dll
| MD5 | f676120a9d9df0f992d7a1f093226dc1 |
| SHA1 | 530da6dec17ae45092eff48ce808daafa12c818f |
| SHA256 | cb330b1befd0fbe89359dcd50d4a06f763537a7d217d75270f3c63a5ee6ce5a1 |
| SHA512 | 07d213ac771b025f8868b234fde52ccc91f75b62d73b4fdb2bc9619e98931568f6ced0e6c1997671dee8b168765db9f3dee6f55b0636ee3c00cf8d0037d284fc |
C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\CrashReport.dll
| MD5 | 361ee0170374127e396e7ab4d839bdb3 |
| SHA1 | 44430877438ca137b0386de1223349b8e86a3270 |
| SHA256 | bb393ebae1fd656b019cd086c05fcece979405c4616989bfdde6d60044d08b8d |
| SHA512 | 617b80214537675a5964f0cbc3d8e5bec53afb7ce8c5a7de18ad4ea9389767294c11407f85c72a08dd400020ed06f37e6898c85bcea74c06e9d43f84cc4caafa |
C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\360conf.dll
| MD5 | b98a1e65f209fe1f10f8564dec0f0c42 |
| SHA1 | cab41605d9b7241c134798723ecdf9d3dc2f2615 |
| SHA256 | 885aa4f58297382396717563137d212fbcb4299f95426c40c43abcdcecf54246 |
| SHA512 | 35cd81aaa9fbadb8b174f6b2d30fa6c2c0c91786e6714073598cb09f1028790f03609de63b51c2e966021bd7da8521ec06612f0582fc1a5752ee0df7b8259b59 |
memory/2584-80-0x00000000006F0000-0x00000000006F1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\netmon\360Speedr.ini
| MD5 | 1fd698eda55b404d7365ba91763e3184 |
| SHA1 | db38e2bcfcef0fe6ee8d5e638a5877a1eacc175d |
| SHA256 | e74aea2dbd0114db5386fcaf2d4871d6a19b6c00be71a4ae2171b8160b87f07b |
| SHA512 | d8bb1cab300cdb6f262b172fe7ad749f2675ac7448aaa8c058c456dcf2ff98095da7cc9b477ed7afa974087083eea20dcc45d96a0ec7628da225374aa8c60840 |
C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\netmon\360SpeedTest.his
| MD5 | 6d45ceae03e9e0dceaef1bdde8ddbd35 |
| SHA1 | e0ff5bfa3a719bdfd6bd02a97b230549482b9958 |
| SHA256 | ac40859c3ece9c3c144838031eb7d7d6011a47c713c50614f74a10fcbd3e6cb2 |
| SHA512 | 9c67e7a54a35b1accac82c721ee642116f7fc95d830170ac0a44c26275d8cebc45051d33cbeb9512cd9459d7d3113270409d1b9614e957b7e287bdf2e9de79c1 |
C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\netmon\360Netmon.ini
| MD5 | d852ecab7fc1f46e684c278caa8604d4 |
| SHA1 | c457ea5e1a6c00167e43daf83a9bd4c11d97c909 |
| SHA256 | 3102da9330e700d895957cf4381a38fd17af3ed0275aa1119ae1da07dea4ea69 |
| SHA512 | 95387c092ff7cb9aff5047dbb2b1e923d403aa43f681da17bbc799bae640707fadb1aa18654bc60c3ad487fb5cb61e4a78663594d8e219d3b122bc6f53104827 |
C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\ipc\ipcService.dll
| MD5 | 7297ae402359e3416108e5a70c048ebe |
| SHA1 | 692b7ad091ea1d52e2c21a05e65ec6c55c54dd5f |
| SHA256 | f525005d0697f68236bd1530242397a1fc364fb3f1018274b4e1163650db6a1c |
| SHA512 | c151acd9e8580ab5749e87277c6d06117b96dfca1f544764d76715f5fc0c97f1a86fa783e63d8d6261f40248702c1bb1648b66125abc41a61bbfb19b95bd28e4 |
C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\netmon\netspeed.dll
| MD5 | 46a4a3e3d3f57454ff93c5872eadc9b9 |
| SHA1 | 10ec428616d000f99ff723039fd75f7c0f563b8d |
| SHA256 | ce874c4695f41c622b985d2add6b293bc87879370cdfbf7702cbed648860cf76 |
| SHA512 | 65063d60a2a2620397ce0be508c5064551857dc8e1e76fe07fd4fdac682271676431ae3d1ca418409f1bb2919c40b9905a7b07ff00f2d90c0bbb13987bd17dc2 |
C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\netmon\360SpeedTestWebList.dat
| MD5 | 06e6a779881ae8b1d718332ff546163a |
| SHA1 | 58acc91288c2588ee6963062a1d99831d25f8fd3 |
| SHA256 | 6ba6e90f34327a4d509dfbfda26589ec24512430c20c0fc2a02452e3c2693b06 |
| SHA512 | 54cee3a31af097f8fdba824b46bd494cd8d2949a062dba50571f213fff72849a1fc38e2609948435d413560cab40185bf72359926db113db002f0a9acc29d15f |
C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\360NetBase.dll
| MD5 | 14c6b4bbd31f6fd13530bc941cc71d1a |
| SHA1 | ce4e38ac82a54f64d318507ddc28f9ffbb378f0f |
| SHA256 | 401d8529a84f1d80a439be8cd4e869202162458e5afb5e5bac97c4859bfe8eb5 |
| SHA512 | c16d525f1d3fc098b4d6c8b8a872a9013ef2f945f27af73ed7826f61a2b80d756ae5348105432909eccc71f03834cd1301f87fa5a0107e0c7137f5c8e3a3cc95 |
C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\PDown.dll
| MD5 | a22728deb2aadc1f2903d4498f156dbd |
| SHA1 | 7219d46e0a1ff8b0d13bee56611cd715daba1d55 |
| SHA256 | c7ac2ff0ac102f8ae1f43cc75db94edb20b2773416f5063ea8a32db503623ca6 |
| SHA512 | 4abb066d5d135c49347cf2b2377be9203e03ad6f561fc83a600b6e22fc7f3f88bcd3898836c8df4c69260f1d867aec5f768dce7839085bf8bd3feeb38ba8853c |
C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\360net.dll
| MD5 | d5f22fc1beff60f5fa9398effca73e2f |
| SHA1 | f84c5f048b5269381a8c6d1dc21905458856543b |
| SHA256 | 214a5e9aab33148866db82ab51c5bcce9e4240794c2c2850fa0f7b3bc3aa34e6 |
| SHA512 | b031336bf42a55e738a412b39acff8b57892f8d2b49c3ec4eadc9f7c9ad45cbc0f5b06a921fd07cfed2faf2de07c6957dfd8975de5e322f0f82c558ee9dcf1c3 |
C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\netmon\360NetSpd3.dat
| MD5 | 1ffe5dd76ac1d4dd936b8151ddbf5652 |
| SHA1 | 088872b18dced9412e8f2133e8838593356cecd5 |
| SHA256 | e59a6726de15cf823a3c8062a0722131c4d9a298202ec88f9baef894cf9be437 |
| SHA512 | 3280edb08f115d6e50193e4c3ac438627f3a7e4c892968311f66d74b96a4a0610537e88b108a9fdd16f33ed70347c38e165351da1cdad0712d2da64c8a8d709c |
C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\netmon\netspeed.npl
| MD5 | 56f4784817a52d0d873933c114ab9af1 |
| SHA1 | 05fa94986dcef47383957cf00112cd6cdc142a6a |
| SHA256 | e07de8ac8d8314f37665d518d6b611b63b9ec12a86c08f14376d72ce7ad37344 |
| SHA512 | 6d69bf0e47bd1f3d80dc9fe9c580a9540137fdc73cea0ea90c451df9843d8a3111c8788adfd2f506e0b2d83d730e00a5c85a87b150450c16efd45e6254b39236 |
\Users\Admin\AppData\Local\Temp\~8090210575028580872\360NetUL.dll
| MD5 | 2586f41adfba6687e18e52b75f69c839 |
| SHA1 | 88d1099afd28ed6c3943107904dc766bb509ec40 |
| SHA256 | e692bb1cabb48bd7652f7fcc17c10f0c421304677128e199347ca54c75340ce5 |
| SHA512 | b16bd522fd69f8190362e4003513cb0401544a5c89bee6b5eaa569e2262e88f405d9c84425b3cb1afd74b3d2771062e37e7ac367246ca69686c8414632a17f06 |
C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\safemon\urlproc.dll
| MD5 | 75db43606be4fe1a65eb81f68735c1c5 |
| SHA1 | f6bb420370ccef7b6a20b42f486b0874af3d99c9 |
| SHA256 | ff8c3e0055c40f2f83f6d72c3563d3f6e00933200277de30cc905e0e0ce2700a |
| SHA512 | 2b9ad86dd3a8989e552c5fa8cb5909b9791b389c4688606af1f6042bceb12676e9409b881e9c6a34a30465ed6a075f2cc6470f21abab108619c7cc16df90dbb2 |
C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\netmon\netspeedtmp.npl
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\360Verify.dll
| MD5 | c6d8d10683083094a44081cdff3acc89 |
| SHA1 | 7fbe2de22d6971bd0e250b98fba85553203b238a |
| SHA256 | ad06ba38f929be5d3527c2003f3fb44a457d77e4ad136c75b559f84d1d366ee5 |
| SHA512 | 1f3bbe36d0650171920dbc73f4ec4775aa6ab3154ada2d1f47e71732cd56f4b0d19b740157dd86d687b19c8256a48ccbbfefe0686a20e2301c1041f38985ce21 |
memory/1852-110-0x0000000000400000-0x0000000000549000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\~8090210575028580872\LiveUpd360.dll
| MD5 | 1e801ff172ce300810f126ff998ef84d |
| SHA1 | 3d7a5a8f3c8feb167079744480c59b061ca100a8 |
| SHA256 | dcda5db8e5d2b7b5664b7b315b147c347c55f13821c23dc1d20c93bf83112b6c |
| SHA512 | 22c4382b4ab70cf5862f60e8f3769057c619b762770cb014156eb42a1216fecaf4a563664116b85e1398d209f1830c80a087663df8169b1d08bf0fd2fe9d243e |
\Users\Admin\AppData\Local\Temp\~8090210575028580872\360P2SP.dll
| MD5 | 01c3370a28ca91a9cdf817ea75a193f4 |
| SHA1 | 30311d34f7716c361c4355b2cead17fc5d68bf82 |
| SHA256 | 39ba7e809c6fafe1187fb7b925d03b736975e35e5ae907adf3622ef467d7dade |
| SHA512 | 11e64c998755e90c81d58cafd3d894c5b40123e455079a7b705c38cc7cb56b6204e46779c12ade3a9eac3a6d02c561a0d9e19768f77d86b13d1a0ad3a3f2cdd5 |
memory/2584-118-0x00000000006F0000-0x00000000006F1000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 09:44
Reported
2024-06-14 09:47
Platform
win10v2004-20240508-en
Max time kernel
144s
Max time network
150s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~7074603145434275314~\sg.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\netmon\360SpeedTest.exe | N/A |
Loads dropped DLL
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\netmon\360SpeedTest.exe | N/A |
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\netmon\360SpeedTest.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\netmon\360SpeedTest.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a906ec29b3aca3698c50749a8ddda7bc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a906ec29b3aca3698c50749a8ddda7bc_JaffaCakes118.exe"
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c set
C:\Users\Admin\AppData\Local\Temp\~7074603145434275314~\sg.tmp
7zG_exe x "C:\Users\Admin\AppData\Local\Temp\a906ec29b3aca3698c50749a8ddda7bc_JaffaCakes118.exe" -y -aoa -o"C:\Users\Admin\AppData\Local\Temp\~5735785932928376586"
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\netmon\360SpeedTest.exe
"C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\netmon\360SpeedTest.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4240,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=1300 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.360.cn | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | s.conf.wsm.360.cn | udp |
| US | 8.8.8.8:53 | u.qurl.f.360.cn | udp |
| US | 8.8.8.8:53 | speed.netmon.360safe.com | udp |
| US | 8.8.8.8:53 | qurl.f.360.cn | udp |
| US | 8.8.8.8:53 | cdn.api.ip.360.cn | udp |
| US | 8.8.8.8:53 | kdjs.fangyb.com | udp |
| US | 8.8.8.8:53 | s.360.cn | udp |
| US | 8.8.8.8:53 | speed.netmon.360safe.com | udp |
| N/A | 255.255.255.255:3600 | | udp |
| US | 8.8.8.8:53 | st.p.360.cn | udp |
| US | 8.8.8.8:53 | dldir1.qq.com | udp |
| US | 8.8.8.8:53 | agd2.p.360.cn | udp |
| US | 8.8.8.8:53 | softdlc.360tpcdn.com | udp |
| US | 8.8.8.8:53 | bigsoftdlc.360tpcdn.com | udp |
| US | 8.8.8.8:53 | tr.p.360.cn | udp |
| US | 8.8.8.8:53 | agt.p.360.cn | udp |
| N/A | 127.0.0.1:3601 | | udp |
| US | 8.8.8.8:53 | speed.netmon.360safe.com | udp |
| CN | 180.153.227.168:80 | | udp |
| US | 8.8.8.8:53 | 168.227.153.180.in-addr.arpa | udp |
| US | 8.8.8.8:53 | speedtest.360.cn | udp |
| US | 8.8.8.8:53 | speed.netmon.360safe.com | udp |
| US | 8.8.8.8:53 | speed.netmon.360safe.com | udp |
| US | 8.8.8.8:53 | speedtest.360.cn | udp |
| US | 8.8.8.8:53 | speed.netmon.360safe.com | udp |
| US | 8.8.8.8:53 | speedtest.360.cn | udp |
| US | 8.8.8.8:53 | speed.netmon.360safe.com | udp |
| US | 8.8.8.8:53 | speedtest.360.cn | udp |
| US | 8.8.8.8:53 | speedtest.360.cn | udp |
| US | 8.8.8.8:53 | speedtest.360.cn | udp |
Files
memory/116-0-0x0000000000400000-0x0000000000549000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\~7074603145434275314~\sg.tmp
| MD5 | 7c4718943bd3f66ebdb47ccca72c7b1e |
| SHA1 | f9edfaa7adb8fa528b2e61b2b251f18da10a6969 |
| SHA256 | 4cc32d00338fc7b206a7c052297acf9ac304ae7de9d61a2475a116959c1524fc |
| SHA512 | e18c40d646fa4948f90f7471da55489df431f255041ebb6dcef86346f91078c9b27894e27216a4b2fe2a1c5e501c7953c77893cf696930123d28a322d49e1516 |
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\netmon\360SpeedTest.exe
| MD5 | 3f9d76758b9840641d2a0c77903cd00f |
| SHA1 | ad460937ded63ab52ab5475346e62750521e4b9e |
| SHA256 | 1f46e635f5bf22424bfbd06359e10ad16badd872d6b7d6d11809653315cb8dde |
| SHA512 | 83c3280a7dffe2c58742fff681e8ac5850225085f70b1701447bb6f640819a87e9f1525ca6b79a919d38247b3209d3685c41971cd0ed25344b2a9c71750125e7 |
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\360Base.dll
| MD5 | 3d5428389f04ce1f35b1ea5b637db05c |
| SHA1 | 187313f4e32e14f6ebb7b8258e40075f9f7fa246 |
| SHA256 | 50773f6c715015e63cbd17148477f1025a5972ceb80abfacae74fbd89b7de01f |
| SHA512 | 7a04b0cc8099c965d2bb050ac095094909900e323aaf7eeb945158bfc8c833a5e3ff83a4e41878cd10313dab9f8bd2f62c562d4e2787d8e8182e91e1b1f57658 |
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\360util.dll
| MD5 | f676120a9d9df0f992d7a1f093226dc1 |
| SHA1 | 530da6dec17ae45092eff48ce808daafa12c818f |
| SHA256 | cb330b1befd0fbe89359dcd50d4a06f763537a7d217d75270f3c63a5ee6ce5a1 |
| SHA512 | 07d213ac771b025f8868b234fde52ccc91f75b62d73b4fdb2bc9619e98931568f6ced0e6c1997671dee8b168765db9f3dee6f55b0636ee3c00cf8d0037d284fc |
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\CrashReport.dll
| MD5 | 361ee0170374127e396e7ab4d839bdb3 |
| SHA1 | 44430877438ca137b0386de1223349b8e86a3270 |
| SHA256 | bb393ebae1fd656b019cd086c05fcece979405c4616989bfdde6d60044d08b8d |
| SHA512 | 617b80214537675a5964f0cbc3d8e5bec53afb7ce8c5a7de18ad4ea9389767294c11407f85c72a08dd400020ed06f37e6898c85bcea74c06e9d43f84cc4caafa |
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\360conf.dll
| MD5 | b98a1e65f209fe1f10f8564dec0f0c42 |
| SHA1 | cab41605d9b7241c134798723ecdf9d3dc2f2615 |
| SHA256 | 885aa4f58297382396717563137d212fbcb4299f95426c40c43abcdcecf54246 |
| SHA512 | 35cd81aaa9fbadb8b174f6b2d30fa6c2c0c91786e6714073598cb09f1028790f03609de63b51c2e966021bd7da8521ec06612f0582fc1a5752ee0df7b8259b59 |
memory/3688-77-0x0000000003440000-0x0000000003441000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\netmon\360Speedr.ini
| MD5 | 1fd698eda55b404d7365ba91763e3184 |
| SHA1 | db38e2bcfcef0fe6ee8d5e638a5877a1eacc175d |
| SHA256 | e74aea2dbd0114db5386fcaf2d4871d6a19b6c00be71a4ae2171b8160b87f07b |
| SHA512 | d8bb1cab300cdb6f262b172fe7ad749f2675ac7448aaa8c058c456dcf2ff98095da7cc9b477ed7afa974087083eea20dcc45d96a0ec7628da225374aa8c60840 |
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\netmon\360SpeedTest.his
| MD5 | 6d45ceae03e9e0dceaef1bdde8ddbd35 |
| SHA1 | e0ff5bfa3a719bdfd6bd02a97b230549482b9958 |
| SHA256 | ac40859c3ece9c3c144838031eb7d7d6011a47c713c50614f74a10fcbd3e6cb2 |
| SHA512 | 9c67e7a54a35b1accac82c721ee642116f7fc95d830170ac0a44c26275d8cebc45051d33cbeb9512cd9459d7d3113270409d1b9614e957b7e287bdf2e9de79c1 |
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\netmon\360Netmon.ini
| MD5 | d852ecab7fc1f46e684c278caa8604d4 |
| SHA1 | c457ea5e1a6c00167e43daf83a9bd4c11d97c909 |
| SHA256 | 3102da9330e700d895957cf4381a38fd17af3ed0275aa1119ae1da07dea4ea69 |
| SHA512 | 95387c092ff7cb9aff5047dbb2b1e923d403aa43f681da17bbc799bae640707fadb1aa18654bc60c3ad487fb5cb61e4a78663594d8e219d3b122bc6f53104827 |
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\ipc\ipcService.dll
| MD5 | 7297ae402359e3416108e5a70c048ebe |
| SHA1 | 692b7ad091ea1d52e2c21a05e65ec6c55c54dd5f |
| SHA256 | f525005d0697f68236bd1530242397a1fc364fb3f1018274b4e1163650db6a1c |
| SHA512 | c151acd9e8580ab5749e87277c6d06117b96dfca1f544764d76715f5fc0c97f1a86fa783e63d8d6261f40248702c1bb1648b66125abc41a61bbfb19b95bd28e4 |
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\netmon\360SpeedTestWebList.dat
| MD5 | 06e6a779881ae8b1d718332ff546163a |
| SHA1 | 58acc91288c2588ee6963062a1d99831d25f8fd3 |
| SHA256 | 6ba6e90f34327a4d509dfbfda26589ec24512430c20c0fc2a02452e3c2693b06 |
| SHA512 | 54cee3a31af097f8fdba824b46bd494cd8d2949a062dba50571f213fff72849a1fc38e2609948435d413560cab40185bf72359926db113db002f0a9acc29d15f |
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\netmon\netspeed.dll
| MD5 | 46a4a3e3d3f57454ff93c5872eadc9b9 |
| SHA1 | 10ec428616d000f99ff723039fd75f7c0f563b8d |
| SHA256 | ce874c4695f41c622b985d2add6b293bc87879370cdfbf7702cbed648860cf76 |
| SHA512 | 65063d60a2a2620397ce0be508c5064551857dc8e1e76fe07fd4fdac682271676431ae3d1ca418409f1bb2919c40b9905a7b07ff00f2d90c0bbb13987bd17dc2 |
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\360NetBase.dll
| MD5 | 14c6b4bbd31f6fd13530bc941cc71d1a |
| SHA1 | ce4e38ac82a54f64d318507ddc28f9ffbb378f0f |
| SHA256 | 401d8529a84f1d80a439be8cd4e869202162458e5afb5e5bac97c4859bfe8eb5 |
| SHA512 | c16d525f1d3fc098b4d6c8b8a872a9013ef2f945f27af73ed7826f61a2b80d756ae5348105432909eccc71f03834cd1301f87fa5a0107e0c7137f5c8e3a3cc95 |
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\PDown.dll
| MD5 | a22728deb2aadc1f2903d4498f156dbd |
| SHA1 | 7219d46e0a1ff8b0d13bee56611cd715daba1d55 |
| SHA256 | c7ac2ff0ac102f8ae1f43cc75db94edb20b2773416f5063ea8a32db503623ca6 |
| SHA512 | 4abb066d5d135c49347cf2b2377be9203e03ad6f561fc83a600b6e22fc7f3f88bcd3898836c8df4c69260f1d867aec5f768dce7839085bf8bd3feeb38ba8853c |
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\360net.dll
| MD5 | d5f22fc1beff60f5fa9398effca73e2f |
| SHA1 | f84c5f048b5269381a8c6d1dc21905458856543b |
| SHA256 | 214a5e9aab33148866db82ab51c5bcce9e4240794c2c2850fa0f7b3bc3aa34e6 |
| SHA512 | b031336bf42a55e738a412b39acff8b57892f8d2b49c3ec4eadc9f7c9ad45cbc0f5b06a921fd07cfed2faf2de07c6957dfd8975de5e322f0f82c558ee9dcf1c3 |
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\netmon\360NetSpd3.dat
| MD5 | 1ffe5dd76ac1d4dd936b8151ddbf5652 |
| SHA1 | 088872b18dced9412e8f2133e8838593356cecd5 |
| SHA256 | e59a6726de15cf823a3c8062a0722131c4d9a298202ec88f9baef894cf9be437 |
| SHA512 | 3280edb08f115d6e50193e4c3ac438627f3a7e4c892968311f66d74b96a4a0610537e88b108a9fdd16f33ed70347c38e165351da1cdad0712d2da64c8a8d709c |
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\360NetUL.dll
| MD5 | 2586f41adfba6687e18e52b75f69c839 |
| SHA1 | 88d1099afd28ed6c3943107904dc766bb509ec40 |
| SHA256 | e692bb1cabb48bd7652f7fcc17c10f0c421304677128e199347ca54c75340ce5 |
| SHA512 | b16bd522fd69f8190362e4003513cb0401544a5c89bee6b5eaa569e2262e88f405d9c84425b3cb1afd74b3d2771062e37e7ac367246ca69686c8414632a17f06 |
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\safemon\urlproc.dll
| MD5 | 75db43606be4fe1a65eb81f68735c1c5 |
| SHA1 | f6bb420370ccef7b6a20b42f486b0874af3d99c9 |
| SHA256 | ff8c3e0055c40f2f83f6d72c3563d3f6e00933200277de30cc905e0e0ce2700a |
| SHA512 | 2b9ad86dd3a8989e552c5fa8cb5909b9791b389c4688606af1f6042bceb12676e9409b881e9c6a34a30465ed6a075f2cc6470f21abab108619c7cc16df90dbb2 |
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\netmon\netspeed.npl
| MD5 | 56f4784817a52d0d873933c114ab9af1 |
| SHA1 | 05fa94986dcef47383957cf00112cd6cdc142a6a |
| SHA256 | e07de8ac8d8314f37665d518d6b611b63b9ec12a86c08f14376d72ce7ad37344 |
| SHA512 | 6d69bf0e47bd1f3d80dc9fe9c580a9540137fdc73cea0ea90c451df9843d8a3111c8788adfd2f506e0b2d83d730e00a5c85a87b150450c16efd45e6254b39236 |
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\netmon\netspeedtmp.npl
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\360Verify.dll
| MD5 | c6d8d10683083094a44081cdff3acc89 |
| SHA1 | 7fbe2de22d6971bd0e250b98fba85553203b238a |
| SHA256 | ad06ba38f929be5d3527c2003f3fb44a457d77e4ad136c75b559f84d1d366ee5 |
| SHA512 | 1f3bbe36d0650171920dbc73f4ec4775aa6ab3154ada2d1f47e71732cd56f4b0d19b740157dd86d687b19c8256a48ccbbfefe0686a20e2301c1041f38985ce21 |
memory/116-103-0x0000000000400000-0x0000000000549000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\LiveUpd360.dll
| MD5 | 1e801ff172ce300810f126ff998ef84d |
| SHA1 | 3d7a5a8f3c8feb167079744480c59b061ca100a8 |
| SHA256 | dcda5db8e5d2b7b5664b7b315b147c347c55f13821c23dc1d20c93bf83112b6c |
| SHA512 | 22c4382b4ab70cf5862f60e8f3769057c619b762770cb014156eb42a1216fecaf4a563664116b85e1398d209f1830c80a087663df8169b1d08bf0fd2fe9d243e |
C:\Users\Admin\AppData\Local\Temp\~5735785932928376586\360P2SP.dll
| MD5 | 01c3370a28ca91a9cdf817ea75a193f4 |
| SHA1 | 30311d34f7716c361c4355b2cead17fc5d68bf82 |
| SHA256 | 39ba7e809c6fafe1187fb7b925d03b736975e35e5ae907adf3622ef467d7dade |
| SHA512 | 11e64c998755e90c81d58cafd3d894c5b40123e455079a7b705c38cc7cb56b6204e46779c12ade3a9eac3a6d02c561a0d9e19768f77d86b13d1a0ad3a3f2cdd5 |
memory/3688-109-0x0000000003440000-0x0000000003441000-memory.dmp