472b33bf9525df257c3193fea1fd54b8d2ea0b8a7fe97287cdd6cce215f52616

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0fd5b6c91102eed67a00d796ddb4f9bb_JaffaCakes118.exe
Size

557KB
MD5

0fd5b6c91102eed67a00d796ddb4f9bb
SHA1

fe2c4a2e9d125fb0efb81197e5ea163463dac542
SHA256

472b33bf9525df257c3193fea1fd54b8d2ea0b8a7fe97287cdd6cce215f52616
SHA512

a6ac32869de712bc93b1104c02a1c2f380c1623b4ae752b708e2b7694ec3fd1718e4c8391caa00b9a963bf8832ce5e4e26d9494e4b1a7169578d09c92e2eff9e
SSDEEP

12288:+mzzHMNNFBGJucCnCP3WsHL5ijB5SkHI8tdqG3kzNmxJn:+mnAmYq+QVi5SkDdqGQmTn

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1912	svchost.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\svchost.exe	0fd5b6c91102eed67a00d796ddb4f9bb_JaffaCakes118.exe
File opened for modification	C:\Windows\svchost.exe	0fd5b6c91102eed67a00d796ddb4f9bb_JaffaCakes118.exe
File created	C:\Windows\UNINSTAL.BAT	0fd5b6c91102eed67a00d796ddb4f9bb_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4920	4660	WerFault.exe	82

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4660	0fd5b6c91102eed67a00d796ddb4f9bb_JaffaCakes118.exe
Token: SeDebugPrivilege	1912	svchost.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1912	svchost.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 3012	1912	svchost.exe	88
PID 1912 wrote to memory of 3012	1912	svchost.exe	88
PID 4660 wrote to memory of 5072	4660	0fd5b6c91102eed67a00d796ddb4f9bb_JaffaCakes118.exe	96
PID 4660 wrote to memory of 5072	4660	0fd5b6c91102eed67a00d796ddb4f9bb_JaffaCakes118.exe	96
PID 4660 wrote to memory of 5072	4660	0fd5b6c91102eed67a00d796ddb4f9bb_JaffaCakes118.exe	96

C:\Users\Admin\AppData\Local\Temp\0fd5b6c91102eed67a00d796ddb4f9bb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0fd5b6c91102eed67a00d796ddb4f9bb_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 704
  2⤵
  - Program crash
  PID:4920
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\UNINSTAL.BAT
  2⤵
  PID:5072

C:\Windows\svchost.exe
C:\Windows\svchost.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:3012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4660 -ip 4660
1⤵
PID:1668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\UNINSTAL.BAT

Filesize
214B

MD5
1d63622b9e9664df9cbc53b96f3afca2

SHA1
0b85a91040f8b90736c6a669a870c157f1d0979d

SHA256
65e36d9e2277a4507c7a33b66a6274e8d8d4b979f2b83eed38e7b8d9c0dc105c

SHA512
452e73daa157164d9e764505f505c605423a423c7053ed1b79a31fe1dd3cf3cee0e463674738cfcc7bfc322023553a45bc8e090affb590b04b06820e780aa5e6

Download Submit
C:\Windows\svchost.exe

Filesize
557KB

MD5
0fd5b6c91102eed67a00d796ddb4f9bb

SHA1
fe2c4a2e9d125fb0efb81197e5ea163463dac542

SHA256
472b33bf9525df257c3193fea1fd54b8d2ea0b8a7fe97287cdd6cce215f52616

SHA512
a6ac32869de712bc93b1104c02a1c2f380c1623b4ae752b708e2b7694ec3fd1718e4c8391caa00b9a963bf8832ce5e4e26d9494e4b1a7169578d09c92e2eff9e

Download Submit
memory/1912-71-0x0000000000400000-0x0000000000634000-memory.dmp

Filesize
2.2MB

Download
memory/1912-78-0x0000000000400000-0x0000000000634000-memory.dmp

Filesize
2.2MB

Download
memory/4660-0-0x0000000000400000-0x0000000000634000-memory.dmp

Filesize
2.2MB

Download
memory/4660-1-0x00000000007E0000-0x00000000007E1000-memory.dmp

Filesize
4KB

Download
memory/4660-2-0x00000000021B0000-0x00000000021FB000-memory.dmp

Filesize
300KB

Download
memory/4660-15-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/4660-18-0x00000000026B0000-0x00000000026B1000-memory.dmp

Filesize
4KB

Download
memory/4660-17-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/4660-16-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/4660-14-0x00000000007F0000-0x00000000007F1000-memory.dmp

Filesize
4KB

Download
memory/4660-13-0x00000000007E0000-0x00000000007E1000-memory.dmp

Filesize
4KB

Download
memory/4660-12-0x0000000002A50000-0x0000000002A51000-memory.dmp

Filesize
4KB

Download
memory/4660-11-0x0000000002A90000-0x0000000002A91000-memory.dmp

Filesize
4KB

Download
memory/4660-28-0x0000000002AF0000-0x0000000002AF1000-memory.dmp

Filesize
4KB

Download
memory/4660-47-0x0000000002E50000-0x0000000002E51000-memory.dmp

Filesize
4KB

Download
memory/4660-46-0x0000000002E40000-0x0000000002E41000-memory.dmp

Filesize
4KB

Download
memory/4660-45-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/4660-44-0x0000000002E70000-0x0000000002E71000-memory.dmp

Filesize
4KB

Download
memory/4660-29-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/4660-43-0x0000000002E30000-0x0000000002E31000-memory.dmp

Filesize
4KB

Download
memory/4660-68-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/4660-67-0x00000000032D0000-0x00000000032D1000-memory.dmp

Filesize
4KB

Download
memory/4660-66-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/4660-65-0x00000000032B0000-0x00000000032B1000-memory.dmp

Filesize
4KB

Download
memory/4660-64-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/4660-63-0x0000000003290000-0x0000000003291000-memory.dmp

Filesize
4KB

Download
memory/4660-62-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/4660-61-0x0000000002F30000-0x0000000002F31000-memory.dmp

Filesize
4KB

Download
memory/4660-60-0x0000000002F40000-0x0000000002F41000-memory.dmp

Filesize
4KB

Download
memory/4660-59-0x0000000002F10000-0x0000000002F11000-memory.dmp

Filesize
4KB

Download
memory/4660-58-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/4660-57-0x0000000002EF0000-0x0000000002EF1000-memory.dmp

Filesize
4KB

Download
memory/4660-56-0x0000000002F00000-0x0000000002F01000-memory.dmp

Filesize
4KB

Download
memory/4660-55-0x0000000002ED0000-0x0000000002ED1000-memory.dmp

Filesize
4KB

Download
memory/4660-54-0x0000000002EE0000-0x0000000002EE1000-memory.dmp

Filesize
4KB

Download
memory/4660-53-0x0000000002EB0000-0x0000000002EB1000-memory.dmp

Filesize
4KB

Download
memory/4660-52-0x0000000002EC0000-0x0000000002EC1000-memory.dmp

Filesize
4KB

Download
memory/4660-51-0x0000000002E90000-0x0000000002E91000-memory.dmp

Filesize
4KB

Download
memory/4660-50-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/4660-42-0x0000000002CE0000-0x0000000002CE1000-memory.dmp

Filesize
4KB

Download
memory/4660-41-0x0000000002CF0000-0x0000000002CF1000-memory.dmp

Filesize
4KB

Download
memory/4660-40-0x0000000002CC0000-0x0000000002CC1000-memory.dmp

Filesize
4KB

Download
memory/4660-39-0x0000000002CD0000-0x0000000002CD1000-memory.dmp

Filesize
4KB

Download
memory/4660-38-0x0000000002CA0000-0x0000000002CA1000-memory.dmp

Filesize
4KB

Download
memory/4660-37-0x0000000002CB0000-0x0000000002CB1000-memory.dmp

Filesize
4KB

Download
memory/4660-36-0x0000000002C70000-0x0000000002C71000-memory.dmp

Filesize
4KB

Download
memory/4660-35-0x0000000002C80000-0x0000000002C81000-memory.dmp

Filesize
4KB

Download
memory/4660-34-0x0000000002C50000-0x0000000002C51000-memory.dmp

Filesize
4KB

Download
memory/4660-33-0x0000000002C60000-0x0000000002C61000-memory.dmp

Filesize
4KB

Download
memory/4660-32-0x0000000002C30000-0x0000000002C31000-memory.dmp

Filesize
4KB

Download
memory/4660-31-0x0000000002C40000-0x0000000002C41000-memory.dmp

Filesize
4KB

Download
memory/4660-30-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/4660-26-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/4660-25-0x0000000002AE0000-0x0000000002AE1000-memory.dmp

Filesize
4KB

Download
memory/4660-21-0x0000000002760000-0x0000000002761000-memory.dmp

Filesize
4KB

Download
memory/4660-23-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

Filesize
4KB

Download
memory/4660-22-0x0000000002AA0000-0x0000000002AA1000-memory.dmp

Filesize
4KB

Download
memory/4660-20-0x00000000028F0000-0x00000000028F1000-memory.dmp

Filesize
4KB

Download
memory/4660-19-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/4660-27-0x0000000002B00000-0x0000000002B01000-memory.dmp

Filesize
4KB

Download
memory/4660-24-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/4660-10-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/4660-9-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/4660-8-0x0000000002A40000-0x0000000002A43000-memory.dmp

Filesize
12KB

Download
memory/4660-7-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/4660-6-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/4660-5-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/4660-4-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/4660-3-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/4660-72-0x0000000000400000-0x0000000000634000-memory.dmp

Filesize
2.2MB

Download
memory/4660-75-0x00000000021B0000-0x00000000021FB000-memory.dmp

Filesize
300KB

Download
memory/4660-76-0x0000000000400000-0x0000000000634000-memory.dmp

Filesize
2.2MB

Download