16730c2b5157091108d06a4a9d7b2072b1dc6dc22ec97a2635de3bf12517baa9

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
19/06/2024, 21:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0082681be3db5d8f6b385c34a7cb9541_JaffaCakes118.exe
Size

593KB
MD5

0082681be3db5d8f6b385c34a7cb9541
SHA1

2e5fbeebbbe8bb08c4b4095a62c621557e033b35
SHA256

16730c2b5157091108d06a4a9d7b2072b1dc6dc22ec97a2635de3bf12517baa9
SHA512

cbb1b56c04df1e615f010e7bd8fe3cd17ba02a49eb3ecccc0b5eeae11b389c8ee78e3ee58a44a97a56c1d97029c990deaec17d78555ee72247edec10bfe235ed
SSDEEP

12288:oHWYg1ieQ7NfOKn2NkBjm1q0BbTgoWTHQo30veJTv3PdEXR:oHtf7/nsamY0BgoNRGJTq

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3584	Klmker.com.cn.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Klmker.com.cn.exe	0082681be3db5d8f6b385c34a7cb9541_JaffaCakes118.exe
File opened for modification	C:\Windows\Klmker.com.cn.exe	0082681be3db5d8f6b385c34a7cb9541_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4536	0082681be3db5d8f6b385c34a7cb9541_JaffaCakes118.exe
Token: SeDebugPrivilege	3584	Klmker.com.cn.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3584	Klmker.com.cn.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3584 wrote to memory of 1244	3584	Klmker.com.cn.exe	88
PID 3584 wrote to memory of 1244	3584	Klmker.com.cn.exe	88

C:\Users\Admin\AppData\Local\Temp\0082681be3db5d8f6b385c34a7cb9541_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0082681be3db5d8f6b385c34a7cb9541_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4536

C:\Windows\Klmker.com.cn.exe
C:\Windows\Klmker.com.cn.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3584
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:1244

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Klmker.com.cn.exe

Filesize
593KB

MD5
0082681be3db5d8f6b385c34a7cb9541

SHA1
2e5fbeebbbe8bb08c4b4095a62c621557e033b35

SHA256
16730c2b5157091108d06a4a9d7b2072b1dc6dc22ec97a2635de3bf12517baa9

SHA512
cbb1b56c04df1e615f010e7bd8fe3cd17ba02a49eb3ecccc0b5eeae11b389c8ee78e3ee58a44a97a56c1d97029c990deaec17d78555ee72247edec10bfe235ed

Download Submit
memory/3584-76-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/3584-80-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/4536-0-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/4536-1-0x00000000006F0000-0x000000000073B000-memory.dmp

Filesize
300KB

Download
memory/4536-12-0x0000000002920000-0x0000000002921000-memory.dmp

Filesize
4KB

Download
memory/4536-11-0x0000000002920000-0x0000000002921000-memory.dmp

Filesize
4KB

Download
memory/4536-10-0x00000000022A0000-0x00000000022A1000-memory.dmp

Filesize
4KB

Download
memory/4536-9-0x0000000002920000-0x0000000002921000-memory.dmp

Filesize
4KB

Download
memory/4536-8-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/4536-7-0x0000000002920000-0x0000000002921000-memory.dmp

Filesize
4KB

Download
memory/4536-13-0x0000000002920000-0x0000000002923000-memory.dmp

Filesize
12KB

Download
memory/4536-16-0x00000000006A0000-0x00000000006A1000-memory.dmp

Filesize
4KB

Download
memory/4536-49-0x0000000002D50000-0x0000000002D51000-memory.dmp

Filesize
4KB

Download
memory/4536-48-0x0000000002D20000-0x0000000002D21000-memory.dmp

Filesize
4KB

Download
memory/4536-47-0x0000000002D40000-0x0000000002D41000-memory.dmp

Filesize
4KB

Download
memory/4536-46-0x0000000002D10000-0x0000000002D11000-memory.dmp

Filesize
4KB

Download
memory/4536-45-0x0000000002BC0000-0x0000000002BC1000-memory.dmp

Filesize
4KB

Download
memory/4536-44-0x0000000002BD0000-0x0000000002BD1000-memory.dmp

Filesize
4KB

Download
memory/4536-43-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/4536-42-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/4536-41-0x0000000002B80000-0x0000000002B81000-memory.dmp

Filesize
4KB

Download
memory/4536-40-0x0000000002B90000-0x0000000002B91000-memory.dmp

Filesize
4KB

Download
memory/4536-39-0x0000000002B50000-0x0000000002B51000-memory.dmp

Filesize
4KB

Download
memory/4536-38-0x0000000002B60000-0x0000000002B61000-memory.dmp

Filesize
4KB

Download
memory/4536-51-0x0000000002D80000-0x0000000002D81000-memory.dmp

Filesize
4KB

Download
memory/4536-71-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/4536-70-0x00000000031D0000-0x00000000031D1000-memory.dmp

Filesize
4KB

Download
memory/4536-69-0x00000000031E0000-0x00000000031E1000-memory.dmp

Filesize
4KB

Download
memory/4536-68-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/4536-67-0x00000000031C0000-0x00000000031C1000-memory.dmp

Filesize
4KB

Download
memory/4536-66-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/4536-65-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/4536-64-0x0000000003170000-0x0000000003171000-memory.dmp

Filesize
4KB

Download
memory/4536-63-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/4536-62-0x0000000002E10000-0x0000000002E11000-memory.dmp

Filesize
4KB

Download
memory/4536-61-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/4536-59-0x0000000002E00000-0x0000000002E01000-memory.dmp

Filesize
4KB

Download
memory/4536-58-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/4536-57-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

Filesize
4KB

Download
memory/4536-56-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/4536-55-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/4536-54-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download
memory/4536-53-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

Filesize
4KB

Download
memory/4536-52-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/4536-50-0x0000000002D30000-0x0000000002D31000-memory.dmp

Filesize
4KB

Download
memory/4536-60-0x0000000002DF0000-0x0000000002DF1000-memory.dmp

Filesize
4KB

Download
memory/4536-37-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/4536-36-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/4536-35-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/4536-34-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/4536-33-0x00000000029F0000-0x00000000029F1000-memory.dmp

Filesize
4KB

Download
memory/4536-32-0x0000000002A00000-0x0000000002A01000-memory.dmp

Filesize
4KB

Download
memory/4536-31-0x00000000029D0000-0x00000000029D1000-memory.dmp

Filesize
4KB

Download
memory/4536-30-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/4536-29-0x00000000029B0000-0x00000000029B1000-memory.dmp

Filesize
4KB

Download
memory/4536-28-0x00000000029C0000-0x00000000029C1000-memory.dmp

Filesize
4KB

Download
memory/4536-27-0x0000000002990000-0x0000000002991000-memory.dmp

Filesize
4KB

Download
memory/4536-26-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/4536-25-0x0000000002980000-0x0000000002981000-memory.dmp

Filesize
4KB

Download
memory/4536-24-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download
memory/4536-23-0x00000000027D0000-0x00000000027D1000-memory.dmp

Filesize
4KB

Download
memory/4536-22-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/4536-21-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/4536-20-0x0000000002250000-0x0000000002251000-memory.dmp

Filesize
4KB

Download
memory/4536-19-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/4536-18-0x0000000002940000-0x0000000002941000-memory.dmp

Filesize
4KB

Download
memory/4536-17-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/4536-15-0x0000000002930000-0x0000000002931000-memory.dmp

Filesize
4KB

Download
memory/4536-14-0x0000000002970000-0x0000000002971000-memory.dmp

Filesize
4KB

Download
memory/4536-6-0x0000000002290000-0x0000000002291000-memory.dmp

Filesize
4KB

Download
memory/4536-5-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/4536-4-0x00000000022B0000-0x00000000022B1000-memory.dmp

Filesize
4KB

Download
memory/4536-3-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/4536-2-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/4536-79-0x00000000006F0000-0x000000000073B000-memory.dmp

Filesize
300KB

Download
memory/4536-78-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download