1ba66d70dd00a522060374fa9bd4199c9064fd913672d39391a2b29a2388f479

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
19-06-2024 22:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00e7345f2452088e56bb333f5f720bdc_JaffaCakes118.exe
Size

691KB
MD5

00e7345f2452088e56bb333f5f720bdc
SHA1

99772c739a5b08af8100afe4640147550a10e4ba
SHA256

1ba66d70dd00a522060374fa9bd4199c9064fd913672d39391a2b29a2388f479
SHA512

53e17155475454bed73d9d54830d213d811ea6f593dc694763b1bbc2f8e2fdcb2b9d0e1ac4834f3f2a7c6995aafcd907b1dcbb8eaa67e71df0d83b62c7951a2e
SSDEEP

12288:U+a37MHT5iqHf0s9Ws0u9d7UZ3EHvW/Zoiq5F3Z4mxxNvbmELknJFwi5CxKk:da37go4cs0sL95Q3EPW/kQmXNvbTWUiQ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4308	Hacker.com.cn.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\pRogram Files\Hacker.com.cn.exe	00e7345f2452088e56bb333f5f720bdc_JaffaCakes118.exe
File opened for modification	C:\pRogram Files\Hacker.com.cn.exe	00e7345f2452088e56bb333f5f720bdc_JaffaCakes118.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4372	2160	WerFault.exe	82
3776	4308	WerFault.exe	90

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2160	00e7345f2452088e56bb333f5f720bdc_JaffaCakes118.exe
Token: SeDebugPrivilege	4308	Hacker.com.cn.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4308	Hacker.com.cn.exe

C:\Users\Admin\AppData\Local\Temp\00e7345f2452088e56bb333f5f720bdc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\00e7345f2452088e56bb333f5f720bdc_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:2160
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 340
  2⤵
  - Program crash
  PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2160 -ip 2160
1⤵
PID:2812

C:\pRogram Files\Hacker.com.cn.exe
"C:\pRogram Files\Hacker.com.cn.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4308
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 320
  2⤵
  - Program crash
  PID:3776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4308 -ip 4308
1⤵
PID:4060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Hacker.com.cn.exe

Filesize
691KB

MD5
00e7345f2452088e56bb333f5f720bdc

SHA1
99772c739a5b08af8100afe4640147550a10e4ba

SHA256
1ba66d70dd00a522060374fa9bd4199c9064fd913672d39391a2b29a2388f479

SHA512
53e17155475454bed73d9d54830d213d811ea6f593dc694763b1bbc2f8e2fdcb2b9d0e1ac4834f3f2a7c6995aafcd907b1dcbb8eaa67e71df0d83b62c7951a2e

Download Submit
memory/2160-0-0x0000000000400000-0x0000000000572000-memory.dmp

Filesize
1.4MB

Download
memory/2160-1-0x0000000000740000-0x0000000000794000-memory.dmp

Filesize
336KB

Download
memory/2160-3-0x0000000000730000-0x0000000000731000-memory.dmp

Filesize
4KB

Download
memory/2160-2-0x0000000002250000-0x0000000002251000-memory.dmp

Filesize
4KB

Download
memory/2160-9-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2160-13-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2160-55-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2160-61-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2160-16-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2160-60-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2160-59-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2160-58-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2160-57-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2160-56-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2160-54-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2160-53-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2160-52-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2160-51-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2160-50-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2160-49-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2160-48-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2160-47-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2160-46-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2160-45-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2160-44-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2160-43-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2160-42-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2160-41-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2160-40-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2160-39-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2160-38-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2160-37-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2160-36-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/2160-35-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/2160-34-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/2160-33-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2160-32-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/2160-31-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2160-30-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/2160-29-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/2160-28-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/2160-27-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/2160-26-0x00000000022B0000-0x00000000022B1000-memory.dmp

Filesize
4KB

Download
memory/2160-25-0x00000000022D0000-0x00000000022D1000-memory.dmp

Filesize
4KB

Download
memory/2160-24-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/2160-23-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/2160-22-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/2160-21-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2160-20-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2160-19-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2160-18-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2160-17-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2160-15-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2160-14-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2160-12-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2160-11-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2160-10-0x0000000002290000-0x0000000002291000-memory.dmp

Filesize
4KB

Download
memory/2160-8-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/2160-7-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/2160-6-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/2160-5-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download
memory/2160-4-0x0000000002280000-0x0000000002281000-memory.dmp

Filesize
4KB

Download
memory/2160-69-0x0000000000740000-0x0000000000794000-memory.dmp

Filesize
336KB

Download
memory/2160-68-0x0000000000400000-0x0000000000572000-memory.dmp

Filesize
1.4MB

Download
memory/4308-66-0x0000000000400000-0x0000000000572000-memory.dmp

Filesize
1.4MB

Download
memory/4308-70-0x0000000000400000-0x0000000000572000-memory.dmp

Filesize
1.4MB

Download
memory/4308-71-0x0000000000400000-0x0000000000572000-memory.dmp

Filesize
1.4MB

Download