b26b12f6902edc120d809df1e256c18f2c0fc231ea56929c462c27ca4beb6bf9

Analysis

max time kernel
134s
max time network
133s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e5a40d7feb71b68d499d3be2bc204a1_JaffaCakes118.exe
Size

549KB
MD5

0e5a40d7feb71b68d499d3be2bc204a1
SHA1

19a02198e492e0191d53876e42e52f0f3551455f
SHA256

b26b12f6902edc120d809df1e256c18f2c0fc231ea56929c462c27ca4beb6bf9
SHA512

e33d643081c18978dc51e0cf172e15c9aa8ee48b31cd42184c9580f40162019a5b982f72de957713817ce08bfe1de4bdec477b95002bb631ea0ccc5663fc0fa0
SSDEEP

12288:asTGcl+ha56ebBtmR1qY+1ZELraAH/HiK6:ahM6Qtqqh0H0

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2276	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2484	Hacker.com.cn.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\guocok88.BAT	0e5a40d7feb71b68d499d3be2bc204a1_JaffaCakes118.exe
File created	C:\Windows\Hacker.com.cn.exe	0e5a40d7feb71b68d499d3be2bc204a1_JaffaCakes118.exe
File opened for modification	C:\Windows\Hacker.com.cn.exe	0e5a40d7feb71b68d499d3be2bc204a1_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1968	0e5a40d7feb71b68d499d3be2bc204a1_JaffaCakes118.exe
Token: SeDebugPrivilege	2484	Hacker.com.cn.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2484	Hacker.com.cn.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 2928	2484	Hacker.com.cn.exe	29
PID 2484 wrote to memory of 2928	2484	Hacker.com.cn.exe	29
PID 2484 wrote to memory of 2928	2484	Hacker.com.cn.exe	29
PID 2484 wrote to memory of 2928	2484	Hacker.com.cn.exe	29
PID 1968 wrote to memory of 2276	1968	0e5a40d7feb71b68d499d3be2bc204a1_JaffaCakes118.exe	30
PID 1968 wrote to memory of 2276	1968	0e5a40d7feb71b68d499d3be2bc204a1_JaffaCakes118.exe	30
PID 1968 wrote to memory of 2276	1968	0e5a40d7feb71b68d499d3be2bc204a1_JaffaCakes118.exe	30
PID 1968 wrote to memory of 2276	1968	0e5a40d7feb71b68d499d3be2bc204a1_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\0e5a40d7feb71b68d499d3be2bc204a1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0e5a40d7feb71b68d499d3be2bc204a1_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\guocok88.BAT
  2⤵
  - Deletes itself
  PID:2276

C:\Windows\Hacker.com.cn.exe
C:\Windows\Hacker.com.cn.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:2928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Hacker.com.cn.exe

Filesize
549KB

MD5
0e5a40d7feb71b68d499d3be2bc204a1

SHA1
19a02198e492e0191d53876e42e52f0f3551455f

SHA256
b26b12f6902edc120d809df1e256c18f2c0fc231ea56929c462c27ca4beb6bf9

SHA512
e33d643081c18978dc51e0cf172e15c9aa8ee48b31cd42184c9580f40162019a5b982f72de957713817ce08bfe1de4bdec477b95002bb631ea0ccc5663fc0fa0

Download Submit
C:\Windows\guocok88.BAT

Filesize
218B

MD5
9611e4a65b8bfff80b1fb9c2d4829932

SHA1
abbc56de68dfa78d861487ab86d8f5c8e1ea591a

SHA256
25107efdeca5ee8cc1e96c0f9e1679a4502fc08643727f5840356626f5c9a0a5

SHA512
44aead1c266853d16e2d941b624242960f68f48c448c14efb4e7dbee45dde59bdd53b34ca455b8572997a659ce2344c247efaa0ca452a7a463109f5def982b89

Download Submit
memory/1968-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1968-0-0x0000000000400000-0x0000000000598000-memory.dmp

Filesize
1.6MB

Download
memory/1968-2-0x0000000001DE0000-0x0000000001E2B000-memory.dmp

Filesize
300KB

Download
memory/1968-4-0x0000000002090000-0x0000000002091000-memory.dmp

Filesize
4KB

Download
memory/1968-5-0x0000000002050000-0x0000000002051000-memory.dmp

Filesize
4KB

Download
memory/1968-3-0x0000000002070000-0x0000000002071000-memory.dmp

Filesize
4KB

Download
memory/1968-35-0x0000000002AE0000-0x0000000002AE1000-memory.dmp

Filesize
4KB

Download
memory/1968-46-0x0000000002B80000-0x0000000002B81000-memory.dmp

Filesize
4KB

Download
memory/1968-45-0x0000000002B60000-0x0000000002B61000-memory.dmp

Filesize
4KB

Download
memory/1968-44-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/1968-43-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/1968-51-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/1968-50-0x0000000002BC0000-0x0000000002BC1000-memory.dmp

Filesize
4KB

Download
memory/1968-49-0x0000000002BD0000-0x0000000002BD1000-memory.dmp

Filesize
4KB

Download
memory/1968-48-0x0000000002B90000-0x0000000002B91000-memory.dmp

Filesize
4KB

Download
memory/1968-47-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/1968-42-0x0000000002B70000-0x0000000002B71000-memory.dmp

Filesize
4KB

Download
memory/1968-41-0x0000000002B50000-0x0000000002B51000-memory.dmp

Filesize
4KB

Download
memory/1968-40-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/1968-39-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/1968-38-0x0000000002AF0000-0x0000000002AF1000-memory.dmp

Filesize
4KB

Download
memory/1968-37-0x0000000002B00000-0x0000000002B01000-memory.dmp

Filesize
4KB

Download
memory/1968-69-0x0000000002D00000-0x0000000002D01000-memory.dmp

Filesize
4KB

Download
memory/1968-68-0x0000000002D10000-0x0000000002D11000-memory.dmp

Filesize
4KB

Download
memory/1968-67-0x0000000002CE0000-0x0000000002CE1000-memory.dmp

Filesize
4KB

Download
memory/1968-66-0x0000000002CF0000-0x0000000002CF1000-memory.dmp

Filesize
4KB

Download
memory/1968-65-0x0000000002CC0000-0x0000000002CC1000-memory.dmp

Filesize
4KB

Download
memory/1968-64-0x0000000002CD0000-0x0000000002CD1000-memory.dmp

Filesize
4KB

Download
memory/1968-63-0x0000000002CA0000-0x0000000002CA1000-memory.dmp

Filesize
4KB

Download
memory/1968-62-0x0000000002CB0000-0x0000000002CB1000-memory.dmp

Filesize
4KB

Download
memory/1968-61-0x0000000002C40000-0x0000000002C41000-memory.dmp

Filesize
4KB

Download
memory/1968-60-0x0000000002C50000-0x0000000002C51000-memory.dmp

Filesize
4KB

Download
memory/1968-59-0x0000000002C20000-0x0000000002C21000-memory.dmp

Filesize
4KB

Download
memory/1968-58-0x0000000002C30000-0x0000000002C31000-memory.dmp

Filesize
4KB

Download
memory/1968-57-0x0000000002C00000-0x0000000002C01000-memory.dmp

Filesize
4KB

Download
memory/1968-56-0x0000000002C10000-0x0000000002C11000-memory.dmp

Filesize
4KB

Download
memory/1968-55-0x0000000002BE0000-0x0000000002BE1000-memory.dmp

Filesize
4KB

Download
memory/1968-54-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

Filesize
4KB

Download
memory/1968-36-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/1968-34-0x00000000029B0000-0x00000000029B1000-memory.dmp

Filesize
4KB

Download
memory/1968-33-0x00000000029C0000-0x00000000029C1000-memory.dmp

Filesize
4KB

Download
memory/1968-32-0x0000000002990000-0x0000000002991000-memory.dmp

Filesize
4KB

Download
memory/1968-31-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/1968-30-0x0000000002970000-0x0000000002971000-memory.dmp

Filesize
4KB

Download
memory/1968-29-0x0000000002980000-0x0000000002981000-memory.dmp

Filesize
4KB

Download
memory/1968-28-0x0000000002950000-0x0000000002951000-memory.dmp

Filesize
4KB

Download
memory/1968-27-0x0000000002960000-0x0000000002961000-memory.dmp

Filesize
4KB

Download
memory/1968-26-0x0000000002930000-0x0000000002931000-memory.dmp

Filesize
4KB

Download
memory/1968-25-0x0000000002940000-0x0000000002941000-memory.dmp

Filesize
4KB

Download
memory/1968-24-0x0000000002920000-0x0000000002921000-memory.dmp

Filesize
4KB

Download
memory/1968-23-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/1968-22-0x0000000002750000-0x0000000002751000-memory.dmp

Filesize
4KB

Download
memory/1968-21-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/1968-20-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/1968-19-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/1968-18-0x00000000020A0000-0x00000000020A1000-memory.dmp

Filesize
4KB

Download
memory/1968-17-0x00000000028C0000-0x00000000028C1000-memory.dmp

Filesize
4KB

Download
memory/1968-16-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/1968-15-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1968-14-0x00000000028B0000-0x00000000028B1000-memory.dmp

Filesize
4KB

Download
memory/1968-13-0x0000000002910000-0x0000000002911000-memory.dmp

Filesize
4KB

Download
memory/1968-12-0x00000000028A0000-0x00000000028A3000-memory.dmp

Filesize
12KB

Download
memory/1968-11-0x0000000000740000-0x0000000000741000-memory.dmp

Filesize
4KB

Download
memory/1968-10-0x00000000028A0000-0x00000000029A0000-memory.dmp

Filesize
1024KB

Download
memory/1968-9-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1968-8-0x00000000028A0000-0x00000000029A0000-memory.dmp

Filesize
1024KB

Download
memory/1968-7-0x0000000000730000-0x0000000000731000-memory.dmp

Filesize
4KB

Download
memory/1968-6-0x0000000002080000-0x0000000002081000-memory.dmp

Filesize
4KB

Download
memory/1968-80-0x0000000000400000-0x0000000000598000-memory.dmp

Filesize
1.6MB

Download
memory/1968-81-0x0000000001DE0000-0x0000000001E2B000-memory.dmp

Filesize
300KB

Download
memory/2484-71-0x0000000000400000-0x0000000000598000-memory.dmp

Filesize
1.6MB

Download
memory/2484-83-0x0000000000400000-0x0000000000598000-memory.dmp

Filesize
1.6MB

Download