b4c13a30f954de2c55e1557349a7147e03501c7a1a1f1d40d03b7f0d1ff3fa71

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
14-06-2024 15:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa8b9881b4f27ee6c25128949eb52356_JaffaCakes118.exe
Size

6.7MB
MD5

aa8b9881b4f27ee6c25128949eb52356
SHA1

e587b2c4d33374318672684e88237e411b319cbb
SHA256

b4c13a30f954de2c55e1557349a7147e03501c7a1a1f1d40d03b7f0d1ff3fa71
SHA512

38505f88e4e4fa48be576db18a3e87073c720d359908a5641f8b83e65f8f9997ccc250d35e163099d1b738688dfbdab54c6491547472fd51bc5a3d96bdbb20ec
SSDEEP

98304:Kif84n0cw9M4esoQjzV072kCHHsE1Hke/HsEvcO7YGclNiE4wGDEfSZ/:eVcsM+B0CkwP97YfeE430K/

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2100	aa8b9881b4f27ee6c25128949eb52356_JaffaCakes118.exe
2976	aa8b9881b4f27ee6c25128949eb52356_JaffaCakes118.exe
2100	aa8b9881b4f27ee6c25128949eb52356_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2100	aa8b9881b4f27ee6c25128949eb52356_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2100	aa8b9881b4f27ee6c25128949eb52356_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\aa8b9881b4f27ee6c25128949eb52356_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\aa8b9881b4f27ee6c25128949eb52356_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:2100

C:\Users\Admin\AppData\Local\Temp\aa8b9881b4f27ee6c25128949eb52356_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\aa8b9881b4f27ee6c25128949eb52356_JaffaCakes118.exe" -downpower -msgwndname=wpssetup_message_F767DF6
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\wps\~f767f6d\CONTROL\default\Triangle.png

Filesize
171B

MD5
5adb7b2a488cf2d9b1700a5be293c312

SHA1
57491297ef84f2cc2ab8aad3ec4d1fe03a0d73b1

SHA256
fb33597f6dddd7f8b93e1c279383481e0bbdfc74249242acc27775b904a40b1d

SHA512
13ea36bf5d6d2d376e960b7515ebb04741d075d1caba09bce5c59b3eac5f210e12829dafaa1df69d29507198470e5d4a9aaa505258deed17fd5166b1e2343686

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~f767f6d\CONTROL\pl_PL\style.xml

Filesize
3KB

MD5
b15fc6b74ac1c6c4e6dbc1b4ccf1a4be

SHA1
0e6b747cabb6dceca5fe6a09482a512978d1d341

SHA256
5ce494fad44cb2b94dfd1fed14b0f42230ea245410beed5297a044b11f852bfd

SHA512
486094530835f8a1c8dbe433d5a85a5745df10aa84e3e05cb1cffbe2edc2ce86531043b3caacc21cd9252ce75857f2551a1d13d71be7905663dbbd10fe11cb73

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~f767f6d\CONTROL\product.dat

Filesize
38KB

MD5
4eb1fc42436eb4e3505fb0b401b9028f

SHA1
4cebdf7ce3a898265754bdc197b22a993d7d3d42

SHA256
58b97b57f4622ec10c33d4b4b2a0c6ff98365c220936357760114b595524454b

SHA512
35855d8e0961cec65c6997afe86228a149daf52c6658247b3691d6d54f652f8b0d07bfe568443d9f2724e15e100910b15c25594e59b834fa60c3b930405f0339

Download Submit
C:\Users\Admin\AppData\Local\tempinstall.ini

Filesize
316B

MD5
24eb6accceb9492c295d627fb62b3b3f

SHA1
fe88497c2d5c363af163ff0095cf682038a9dbed

SHA256
3c5c80b9671aa76822792e6b9335542ce8ee46df706a550f9fe90de9296f5b1b

SHA512
a9ba6451f396f6dd34bd366e2907956e239cbd13e299a8965ebc109f9f9ea09efdcf9fbc5dc0b7ecf37ec8c72f6d1d57b947dfc5b45638ac43950d53a4c91927

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\setup\wpssetup.log

Filesize
7KB

MD5
3b074814abc1f608ad05558d380aa0e0

SHA1
64835f788e276ac31feaf183fe0af1bb335d34d9

SHA256
1c5615fce22dd15a1052db52b956a41b73bbc6a94495b34a3a5e676799beaec3

SHA512
ac263bd829d1fcb84bf3a8395efe3e23ca2ebd97b92104343b56eeaef99982cbcc6959a53b3dd3d01edc44e0d465d5a5a7377f430c911ec9193158bc80d4eab2

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\setup\wpssetup.log

Filesize
216B

MD5
5ab74a007adfa09e4523d7c3fe880e49

SHA1
bd98fc2161af4ca134f53450cbc135218491647a

SHA256
37f1868695dfae59547c3b800eeb6e4a1d8ec2b4efd961e2679abd5ec5a27ccf

SHA512
0f148a0b45e287d3ef394d2285e74a70c095a7bcbe0f4e3eac00eac3155fa89ee2cb6fb6f1985c2150f5e02d8cb42e7f2eb3373632bd943bb551a1cf9421e63b

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\setup\wpssetup.log

Filesize
307B

MD5
5b3b40c724efbce6c07a0e1b55d42928

SHA1
4f3834b862e79bcd544cc9b135be6ad6bdc02d5a

SHA256
fa513b5b114937faea5de19904f02587caa3926e5297fe5eabbf21fe6222a608

SHA512
200524095652dfeaedd2b4f433b32bc04089f3985b501c3ff9ffc75edcf9a3d9cafdbc35f8750fcc4103ee1f4bad305a8c8666a22de92f819250df5da947351b

Download Submit
memory/2100-1-0x0000000002160000-0x0000000002162000-memory.dmp

Filesize
8KB

Download
memory/2100-184-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/2100-197-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/2976-16-0x0000000000510000-0x0000000000511000-memory.dmp

Filesize
4KB

Download