Analysis
-
max time kernel
51s -
max time network
51s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
24/06/2024, 10:39
General
-
Target
08041e6290287a2ac3d2d758babc67b9_JaffaCakes118.exe
-
Size
46KB
-
MD5
08041e6290287a2ac3d2d758babc67b9
-
SHA1
e4ec9b276d7c124ece690cb5fcd510391445e9ab
-
SHA256
7243974da66be9761287ec8737bf65b185c96c34a7e9b57c4393bfa0d3c61d98
-
SHA512
5399fc52dc27b1b4589601b6521789902ed342cd908ed76f27e8b4a1a8f79831f7b1a87dcaf30b2eecc8719328c5f7f92a254e07bbda7835be0a2889566049e7
-
SSDEEP
768:8+aXf8qRaL8qqFaCN5iNchDJ2pyeiTTKbedRIZl61TK8C9pWf95:8+aXkGaL8raCrKch92Biib6+/8QW15
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Drops file in Windows directory 3 IoCs
-
Launches sc.exe 1 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Runs net.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\08041e6290287a2ac3d2d758babc67b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\08041e6290287a2ac3d2d758babc67b9_JaffaCakes118.exe"1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\rund1132.exeC:\WINDOWS\rund1132.exe C:\Users\Admin\AppData\Local\Temp\08041e6290287a2ac3d2d758babc67b9_JaffaCakes118.exe2⤵
- Deletes itself
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\WINDOWS\SystemDir.bat3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\sc.exesc config Schedule start= AUTO4⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\net.exenet start schedule4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 start schedule5⤵
-
-
-
C:\Windows\SysWOW64\at.exeAT 0:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 1:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 2:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 3:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 4:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 5:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 6:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 7:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 8:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 9:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 10:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 11:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 12:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 13:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 14:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 15:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 16:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 17:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 18:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 19:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 20:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 21:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 22:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 23:00 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 0:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 1:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 2:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 3:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 4:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 5:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 6:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 7:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 8:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 9:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 10:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 11:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 12:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 13:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 14:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 15:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 16:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 17:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 18:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 19:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 20:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 21:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 22:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
C:\Windows\SysWOW64\at.exeAT 23:30 /interactive /every:M,T,W,Th,F,S,Su C:\WINDOWS\rund1132.exe4⤵
-
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD510e2f7de449e709034d8e3f645ffbfd0
SHA1c1af15c66194014a7bc3433ea764f609a3a357dd
SHA256021189bf84dd3ba86178cd85a903d4ef41e80396710a368f5d6b0586e987662e
SHA512a16925febe5e39b3c89843f151544b71d62843ee7d0090c20a3f323b91739a8fd5e365d32f5b3473102689b30bfd5763015897b75137ef6dba9da5beead08dee
-
Filesize
46KB
MD5471e1069655b2a2140bc0dd8eae7cc02
SHA16b998ceda2e7afcd235bbee47e85b2400f0ba6f4
SHA2560ef38e41e9ad3ce8bc29ca4825024e1082e15eb265beb06f49daf1f10433de8a
SHA51215f98e8c7fa7f64477db1d244c4407ead3e60a9a1b02e7358fe1537f3f6f9f35c67adb391a61e0856a8b181b033548c8a3fc8c468d4af64152ae756f0fab3309
-
Filesize
120KB
-
Filesize
8KB
-
Filesize
120KB
-
Filesize
8KB
-
Filesize
120KB