64fa579a0e5958683ab6a0d81f4c48b640d0030b76b56aad1139432f40231d94

Analysis

max time kernel
125s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 07:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d2c07ce5f10a574f48dc2c7fcd68de5_JaffaCakes118.exe
Size

61KB
MD5

0d2c07ce5f10a574f48dc2c7fcd68de5
SHA1

8e2d4a3095234065692ce76496b631f52d239a32
SHA256

64fa579a0e5958683ab6a0d81f4c48b640d0030b76b56aad1139432f40231d94
SHA512

826dfbd267f70172d95bc61f304c16b573364c9af82ec781614015c5bea650cc3a289494d32e00148174cea06508628a5c102bb0b4454f9202b584755407aed8
SSDEEP

1536:cZZ9s1rA3FmPl4wK+a7SMqRPdbwK8aAAT3bPjb3Ltn+S2KeiWamt/H/oFI8UpJf6:K9sVA3FmPl4wK+a7SMqRPdbwK8aAAT3f

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\beep.sys	0d2c07ce5f10a574f48dc2c7fcd68de5_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\beep.sys	3eyes.exe

Executes dropped EXE 1 IoCs

pid	Process
3952	3eyes.exe

Loads dropped DLL 1 IoCs

pid	Process
3952	3eyes.exe

Drops file in System32 directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\3eyes.exe	0d2c07ce5f10a574f48dc2c7fcd68de5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\3eyes.dll	0d2c07ce5f10a574f48dc2c7fcd68de5_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\3eyes.dll	0d2c07ce5f10a574f48dc2c7fcd68de5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\3eyes.dat	3eyes.exe
File created	C:\Windows\SysWOW64\3eyes.exe	3eyes.exe
File opened for modification	C:\Windows\SysWOW64\3eyes.exe	3eyes.exe
File opened for modification	C:\Windows\SysWOW64\3eyes.dll	3eyes.exe
File created	C:\Windows\SysWOW64\3eyes.exe	0d2c07ce5f10a574f48dc2c7fcd68de5_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
856	3952	WerFault.exe	88

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
652	Process not Found
652	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	1232	0d2c07ce5f10a574f48dc2c7fcd68de5_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1232 wrote to memory of 3864	1232	0d2c07ce5f10a574f48dc2c7fcd68de5_JaffaCakes118.exe	89
PID 1232 wrote to memory of 3864	1232	0d2c07ce5f10a574f48dc2c7fcd68de5_JaffaCakes118.exe	89
PID 1232 wrote to memory of 3864	1232	0d2c07ce5f10a574f48dc2c7fcd68de5_JaffaCakes118.exe	89

C:\Users\Admin\AppData\Local\Temp\0d2c07ce5f10a574f48dc2c7fcd68de5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0d2c07ce5f10a574f48dc2c7fcd68de5_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1232
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\0D2C07~1.EXE > nul
  2⤵
  PID:3864

C:\Windows\SysWOW64\3eyes.exe
C:\Windows\SysWOW64\3eyes.exe
1⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:3952
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 340
  2⤵
  - Program crash
  PID:856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3952 -ip 3952
1⤵
PID:3632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4500,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=4180 /prefetch:8
1⤵
PID:4048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\14754.dat

Filesize
220B

MD5
05c6807d7eb27bdce239b75aa539ebe8

SHA1
2e0ea00e6fe0bd338a0eb17c785d179692937bfb

SHA256
41238fbc28c75ded69473b489428d8383ad65a5760b2e2a8cbb7d8972ac6676a

SHA512
fabda8b94cda2948615c88b0fb68fb6b9c59cf758b4ecfcf8399244cee032a2b7108ac2140a9ea7c7c9030b119ff37211e433a126b43b6af8c17edb80cbc37ab

Download Submit
C:\Windows\SysWOW64\3eyes.dll

Filesize
45KB

MD5
cc5ec63c9a72d67c82a0dfbb3d45b63e

SHA1
ac595a56a44bb5c71441b91ce8ee301216d6fcce

SHA256
5ab7906a8e036d7945c93d7f60ac2e3a33f679d7032621d7dcdd2926489fb1bc

SHA512
2785fafaf87e948fb16b30f64b78e1f597b02052700dc973658b354efcf922b471617249aff865eb13f235608646937be18b1c0c44d6fc8ef8467aea1b2ab345

Download Submit
C:\Windows\SysWOW64\3eyes.exe

Filesize
61KB

MD5
0d2c07ce5f10a574f48dc2c7fcd68de5

SHA1
8e2d4a3095234065692ce76496b631f52d239a32

SHA256
64fa579a0e5958683ab6a0d81f4c48b640d0030b76b56aad1139432f40231d94

SHA512
826dfbd267f70172d95bc61f304c16b573364c9af82ec781614015c5bea650cc3a289494d32e00148174cea06508628a5c102bb0b4454f9202b584755407aed8

Download Submit
C:\Windows\SysWOW64\drivers\beep.sys

Filesize
3KB

MD5
3ebdb873a18aecc8d4b6c3b39002c0ea

SHA1
c465747641c9cff0faeaba8fca5558a459545bfd

SHA256
c87d8835a362be5f4e8506afb7be753cb562a7a950417df0ec7e781a0ba846bd

SHA512
77b955e6988ec1df46298505b8a2c68aaa86ccc5f7df0a66694e737ebe64326ab0ed788b156c280e207241c1815ffc16e6d1ed3e2cbf5a8a9c5cb7d990da2189

Download Submit