95c986ebbfe26f86137e189ca4a9cd318d89038a6714788dfede7550d2cf19ba

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
19/06/2024, 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

007ed768ceb285948ced9dbf3e3aeff3_JaffaCakes118.exe
Size

536KB
MD5

007ed768ceb285948ced9dbf3e3aeff3
SHA1

44957ce087b4588a9c561ecad088eb692bb6db6f
SHA256

95c986ebbfe26f86137e189ca4a9cd318d89038a6714788dfede7550d2cf19ba
SHA512

9af05a8b7ecfbcb361541c895ee03c4d9c64b2aad6547a8c2ba9ad9c3f515260bf63005faeef1f6f98978e1df9b5d9bdd92b7e38f873b0749ec25f461e739aef
SSDEEP

12288:N/Nczc06iRQPRXNkDMHQo30veSBiQPp4kv8Tq:zmc06++kDXRGELPpFU2

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2500	Mok.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\systme32\Mok.exe	007ed768ceb285948ced9dbf3e3aeff3_JaffaCakes118.exe
File opened for modification	C:\Windows\systme32\Mok.exe	007ed768ceb285948ced9dbf3e3aeff3_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	992	007ed768ceb285948ced9dbf3e3aeff3_JaffaCakes118.exe
Token: SeDebugPrivilege	2500	Mok.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2500	Mok.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 2680	2500	Mok.exe	29
PID 2500 wrote to memory of 2680	2500	Mok.exe	29
PID 2500 wrote to memory of 2680	2500	Mok.exe	29
PID 2500 wrote to memory of 2680	2500	Mok.exe	29

C:\Users\Admin\AppData\Local\Temp\007ed768ceb285948ced9dbf3e3aeff3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\007ed768ceb285948ced9dbf3e3aeff3_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:992

C:\Windows\systme32\Mok.exe
C:\Windows\systme32\Mok.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\systme32\Mok.exe

Filesize
536KB

MD5
007ed768ceb285948ced9dbf3e3aeff3

SHA1
44957ce087b4588a9c561ecad088eb692bb6db6f

SHA256
95c986ebbfe26f86137e189ca4a9cd318d89038a6714788dfede7550d2cf19ba

SHA512
9af05a8b7ecfbcb361541c895ee03c4d9c64b2aad6547a8c2ba9ad9c3f515260bf63005faeef1f6f98978e1df9b5d9bdd92b7e38f873b0749ec25f461e739aef

Download Submit
memory/992-30-0x0000000000400000-0x0000000000506011-memory.dmp

Filesize
1.0MB

Download
memory/992-14-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/992-13-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/992-12-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/992-11-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/992-10-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/992-9-0x0000000001D40000-0x0000000001D41000-memory.dmp

Filesize
4KB

Download
memory/992-8-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/992-7-0x0000000001D10000-0x0000000001D11000-memory.dmp

Filesize
4KB

Download
memory/992-0-0x0000000001C80000-0x0000000001CCB000-memory.dmp

Filesize
300KB

Download
memory/992-5-0x0000000001D30000-0x0000000001D31000-memory.dmp

Filesize
4KB

Download
memory/992-4-0x0000000001FA0000-0x0000000001FA1000-memory.dmp

Filesize
4KB

Download
memory/992-3-0x0000000001D50000-0x0000000001D51000-memory.dmp

Filesize
4KB

Download
memory/992-2-0x0000000001FB0000-0x0000000001FB1000-memory.dmp

Filesize
4KB

Download
memory/992-1-0x0000000001D70000-0x0000000001D71000-memory.dmp

Filesize
4KB

Download
memory/992-16-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/992-15-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/992-6-0x00000000027C0000-0x0000000002862000-memory.dmp

Filesize
648KB

Download
memory/2500-26-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/2500-31-0x0000000000400000-0x0000000000506011-memory.dmp

Filesize
1.0MB

Download
memory/2500-20-0x0000000000340000-0x000000000038B000-memory.dmp

Filesize
300KB

Download
memory/2500-25-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/2500-24-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/2500-23-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/2500-22-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/2500-21-0x00000000026A0000-0x0000000002742000-memory.dmp

Filesize
648KB

Download
memory/2500-29-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/2500-27-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/2500-32-0x0000000000340000-0x000000000038B000-memory.dmp

Filesize
300KB

Download
memory/2500-34-0x00000000026A0000-0x0000000002742000-memory.dmp

Filesize
648KB

Download
memory/2500-40-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/2500-41-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/2500-39-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/2500-38-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/2500-37-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/2500-36-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/2500-35-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/2500-42-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download