624b950d32db6eea8a289f09afa64cc6c093bc31f123ddfb1dfc5d0886fb7af2

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 04:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02e30fe27e2df84595ea22a15b9e7875_JaffaCakes118.exe
Size

476KB
MD5

02e30fe27e2df84595ea22a15b9e7875
SHA1

b746ea1389cc531aa34e2c64661f5bee37fdca8f
SHA256

624b950d32db6eea8a289f09afa64cc6c093bc31f123ddfb1dfc5d0886fb7af2
SHA512

380c20d712f3f881da9e7a35cb6db19b4743a0143c45c2ea7cf0a86a9e7df1072454822098fd7fccf9efa6c6a95b21deb2b73b9d99333a9c2b0896c03688f2c5
SSDEEP

12288:MiZJh/KicY5cOiS0r8HEBuWgnVyLmg/TS2bW+Rg:MiZJh/KDY5co0YHaulELTS2e

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4924	system

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PRogram Files\system	02e30fe27e2df84595ea22a15b9e7875_JaffaCakes118.exe
File opened for modification	C:\PRogram Files\system	02e30fe27e2df84595ea22a15b9e7875_JaffaCakes118.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\uninstal.bat	02e30fe27e2df84595ea22a15b9e7875_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1948	1624	WerFault.exe	82

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	02e30fe27e2df84595ea22a15b9e7875_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	02e30fe27e2df84595ea22a15b9e7875_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	02e30fe27e2df84595ea22a15b9e7875_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	system
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	system
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	system

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1624	02e30fe27e2df84595ea22a15b9e7875_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 2084	1624	02e30fe27e2df84595ea22a15b9e7875_JaffaCakes118.exe	98
PID 1624 wrote to memory of 2084	1624	02e30fe27e2df84595ea22a15b9e7875_JaffaCakes118.exe	98
PID 1624 wrote to memory of 2084	1624	02e30fe27e2df84595ea22a15b9e7875_JaffaCakes118.exe	98

C:\Users\Admin\AppData\Local\Temp\02e30fe27e2df84595ea22a15b9e7875_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\02e30fe27e2df84595ea22a15b9e7875_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 668
  2⤵
  - Program crash
  PID:1948
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.bat
  2⤵
  PID:2084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1624 -ip 1624
1⤵
PID:916

C:\PRogram Files\system
"C:\PRogram Files\system"
1⤵
- Executes dropped EXE
- Modifies registry class
PID:4924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\system

Filesize
476KB

MD5
02e30fe27e2df84595ea22a15b9e7875

SHA1
b746ea1389cc531aa34e2c64661f5bee37fdca8f

SHA256
624b950d32db6eea8a289f09afa64cc6c093bc31f123ddfb1dfc5d0886fb7af2

SHA512
380c20d712f3f881da9e7a35cb6db19b4743a0143c45c2ea7cf0a86a9e7df1072454822098fd7fccf9efa6c6a95b21deb2b73b9d99333a9c2b0896c03688f2c5

Download Submit
C:\Windows\uninstal.bat

Filesize
218B

MD5
0cb1b85f61f740f72731961157ee7f23

SHA1
0e813ecaaf49d9dae7ed4e070db95b1d56dffff4

SHA256
6d04aad6fb920a58e3cf91cd638ce97a8c5c9818020522e1e5042f27f172d842

SHA512
6e91a6b33fb190858c8e07c730ebe43dd7865255dc2446980da7e3ab11ae0a75f6d4a41030acc932cd2e067a31b9ba260b31184ce2639a93cb8e554b8dc990b2

Download Submit
memory/1624-0-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download
memory/1624-1-0x0000000002150000-0x0000000002185000-memory.dmp

Filesize
212KB

Download
memory/1624-31-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-30-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-29-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-28-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-27-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-26-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-25-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-24-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-23-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-33-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/1624-32-0x0000000002370000-0x0000000002374000-memory.dmp

Filesize
16KB

Download
memory/1624-35-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/1624-34-0x00000000023D0000-0x00000000023D1000-memory.dmp

Filesize
4KB

Download
memory/1624-22-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-37-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/1624-36-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/1624-21-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-20-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-42-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/1624-46-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/1624-51-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/1624-50-0x00000000023D0000-0x00000000023D1000-memory.dmp

Filesize
4KB

Download
memory/1624-49-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/1624-48-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/1624-47-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/1624-45-0x0000000002190000-0x0000000002191000-memory.dmp

Filesize
4KB

Download
memory/1624-44-0x00000000022B0000-0x00000000022B1000-memory.dmp

Filesize
4KB

Download
memory/1624-43-0x0000000002140000-0x0000000002141000-memory.dmp

Filesize
4KB

Download
memory/1624-41-0x0000000002120000-0x0000000002121000-memory.dmp

Filesize
4KB

Download
memory/1624-40-0x0000000002110000-0x0000000002111000-memory.dmp

Filesize
4KB

Download
memory/1624-39-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/1624-38-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/1624-19-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-18-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-17-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-16-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-15-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-14-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-13-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-12-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-11-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-10-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-9-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-8-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-7-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-6-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-5-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-4-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-3-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-2-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-57-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download
memory/1624-60-0x0000000002150000-0x0000000002185000-memory.dmp

Filesize
212KB

Download
memory/1624-61-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/1624-68-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download
memory/1624-69-0x0000000002150000-0x0000000002185000-memory.dmp

Filesize
212KB

Download
memory/4924-56-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download