16730c2b5157091108d06a4a9d7b2072b1dc6dc22ec97a2635de3bf12517baa9

Analysis

max time kernel
141s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
19/06/2024, 21:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0082681be3db5d8f6b385c34a7cb9541_JaffaCakes118.exe
Size

593KB
MD5

0082681be3db5d8f6b385c34a7cb9541
SHA1

2e5fbeebbbe8bb08c4b4095a62c621557e033b35
SHA256

16730c2b5157091108d06a4a9d7b2072b1dc6dc22ec97a2635de3bf12517baa9
SHA512

cbb1b56c04df1e615f010e7bd8fe3cd17ba02a49eb3ecccc0b5eeae11b389c8ee78e3ee58a44a97a56c1d97029c990deaec17d78555ee72247edec10bfe235ed
SSDEEP

12288:oHWYg1ieQ7NfOKn2NkBjm1q0BbTgoWTHQo30veJTv3PdEXR:oHtf7/nsamY0BgoNRGJTq

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2756	Klmker.com.cn.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Klmker.com.cn.exe	0082681be3db5d8f6b385c34a7cb9541_JaffaCakes118.exe
File opened for modification	C:\Windows\Klmker.com.cn.exe	0082681be3db5d8f6b385c34a7cb9541_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1688	0082681be3db5d8f6b385c34a7cb9541_JaffaCakes118.exe
Token: SeDebugPrivilege	2756	Klmker.com.cn.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2756	Klmker.com.cn.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2516	2756	Klmker.com.cn.exe	29
PID 2756 wrote to memory of 2516	2756	Klmker.com.cn.exe	29
PID 2756 wrote to memory of 2516	2756	Klmker.com.cn.exe	29
PID 2756 wrote to memory of 2516	2756	Klmker.com.cn.exe	29

C:\Users\Admin\AppData\Local\Temp\0082681be3db5d8f6b385c34a7cb9541_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0082681be3db5d8f6b385c34a7cb9541_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1688

C:\Windows\Klmker.com.cn.exe
C:\Windows\Klmker.com.cn.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:2516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Klmker.com.cn.exe

Filesize
593KB

MD5
0082681be3db5d8f6b385c34a7cb9541

SHA1
2e5fbeebbbe8bb08c4b4095a62c621557e033b35

SHA256
16730c2b5157091108d06a4a9d7b2072b1dc6dc22ec97a2635de3bf12517baa9

SHA512
cbb1b56c04df1e615f010e7bd8fe3cd17ba02a49eb3ecccc0b5eeae11b389c8ee78e3ee58a44a97a56c1d97029c990deaec17d78555ee72247edec10bfe235ed

Download Submit
memory/1688-0-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/1688-1-0x0000000000330000-0x000000000037B000-memory.dmp

Filesize
300KB

Download
memory/1688-12-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/1688-11-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/1688-10-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/1688-9-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/1688-8-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/1688-7-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/1688-6-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/1688-5-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/1688-4-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/1688-3-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/1688-2-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/1688-13-0x0000000002820000-0x0000000002823000-memory.dmp

Filesize
12KB

Download
memory/1688-49-0x0000000002B00000-0x0000000002B01000-memory.dmp

Filesize
4KB

Download
memory/1688-58-0x0000000002B80000-0x0000000002B81000-memory.dmp

Filesize
4KB

Download
memory/1688-57-0x00000000038D0000-0x00000000038D1000-memory.dmp

Filesize
4KB

Download
memory/1688-56-0x0000000002B60000-0x0000000002B61000-memory.dmp

Filesize
4KB

Download
memory/1688-55-0x0000000002B70000-0x0000000002B71000-memory.dmp

Filesize
4KB

Download
memory/1688-54-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/1688-14-0x0000000002870000-0x0000000002871000-memory.dmp

Filesize
4KB

Download
memory/1688-53-0x0000000002B50000-0x0000000002B51000-memory.dmp

Filesize
4KB

Download
memory/1688-52-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/1688-51-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/1688-50-0x0000000002AF0000-0x0000000002AF1000-memory.dmp

Filesize
4KB

Download
memory/1688-48-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/1688-47-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/1688-46-0x0000000002AE0000-0x0000000002AE1000-memory.dmp

Filesize
4KB

Download
memory/1688-45-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/1688-44-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

Filesize
4KB

Download
memory/1688-43-0x0000000002A90000-0x0000000002A91000-memory.dmp

Filesize
4KB

Download
memory/1688-42-0x0000000002AA0000-0x0000000002AA1000-memory.dmp

Filesize
4KB

Download
memory/1688-41-0x0000000002A70000-0x0000000002A71000-memory.dmp

Filesize
4KB

Download
memory/1688-40-0x0000000002A80000-0x0000000002A81000-memory.dmp

Filesize
4KB

Download
memory/1688-39-0x0000000002A50000-0x0000000002A51000-memory.dmp

Filesize
4KB

Download
memory/1688-38-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1688-37-0x0000000002A30000-0x0000000002A31000-memory.dmp

Filesize
4KB

Download
memory/1688-36-0x0000000002A40000-0x0000000002A41000-memory.dmp

Filesize
4KB

Download
memory/1688-35-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download
memory/1688-34-0x0000000002A20000-0x0000000002A21000-memory.dmp

Filesize
4KB

Download
memory/1688-33-0x00000000028F0000-0x00000000028F1000-memory.dmp

Filesize
4KB

Download
memory/1688-32-0x0000000002900000-0x0000000002901000-memory.dmp

Filesize
4KB

Download
memory/1688-31-0x00000000028D0000-0x00000000028D1000-memory.dmp

Filesize
4KB

Download
memory/1688-30-0x00000000028E0000-0x00000000028E1000-memory.dmp

Filesize
4KB

Download
memory/1688-29-0x00000000028B0000-0x00000000028B1000-memory.dmp

Filesize
4KB

Download
memory/1688-28-0x00000000028C0000-0x00000000028C1000-memory.dmp

Filesize
4KB

Download
memory/1688-27-0x0000000002890000-0x0000000002891000-memory.dmp

Filesize
4KB

Download
memory/1688-26-0x00000000028A0000-0x00000000028A1000-memory.dmp

Filesize
4KB

Download
memory/1688-25-0x0000000002880000-0x0000000002881000-memory.dmp

Filesize
4KB

Download
memory/1688-24-0x0000000002230000-0x0000000002231000-memory.dmp

Filesize
4KB

Download
memory/1688-23-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/1688-22-0x0000000002090000-0x0000000002091000-memory.dmp

Filesize
4KB

Download
memory/1688-21-0x0000000002180000-0x0000000002181000-memory.dmp

Filesize
4KB

Download
memory/1688-20-0x0000000000520000-0x0000000000521000-memory.dmp

Filesize
4KB

Download
memory/1688-19-0x0000000001EF0000-0x0000000001EF1000-memory.dmp

Filesize
4KB

Download
memory/1688-18-0x0000000002840000-0x0000000002841000-memory.dmp

Filesize
4KB

Download
memory/1688-17-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/1688-16-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/1688-15-0x0000000002830000-0x0000000002831000-memory.dmp

Filesize
4KB

Download
memory/1688-61-0x0000000003A30000-0x0000000003A31000-memory.dmp

Filesize
4KB

Download
memory/1688-66-0x0000000003A60000-0x0000000003A61000-memory.dmp

Filesize
4KB

Download
memory/1688-73-0x0000000003AE0000-0x0000000003AE1000-memory.dmp

Filesize
4KB

Download
memory/1688-72-0x0000000003AC0000-0x0000000003AC1000-memory.dmp

Filesize
4KB

Download
memory/1688-71-0x0000000003AD0000-0x0000000003AD1000-memory.dmp

Filesize
4KB

Download
memory/1688-70-0x0000000003AA0000-0x0000000003AA1000-memory.dmp

Filesize
4KB

Download
memory/1688-69-0x0000000003AB0000-0x0000000003AB1000-memory.dmp

Filesize
4KB

Download
memory/1688-68-0x0000000003A80000-0x0000000003A81000-memory.dmp

Filesize
4KB

Download
memory/1688-67-0x0000000003A90000-0x0000000003A91000-memory.dmp

Filesize
4KB

Download
memory/1688-65-0x0000000003A70000-0x0000000003A71000-memory.dmp

Filesize
4KB

Download
memory/1688-64-0x0000000003A40000-0x0000000003A41000-memory.dmp

Filesize
4KB

Download
memory/1688-62-0x0000000003A20000-0x0000000003A21000-memory.dmp

Filesize
4KB

Download
memory/1688-63-0x0000000003A50000-0x0000000003A51000-memory.dmp

Filesize
4KB

Download
memory/1688-77-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/1688-78-0x0000000000330000-0x000000000037B000-memory.dmp

Filesize
300KB

Download
memory/2756-75-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/2756-79-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/2756-80-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download