a9cc91878ab919d2914d8886677be0c931b7b6c537c817502dc236d2fb99c9b7

Analysis

max time kernel
142s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 17:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0eee3ca8773665d14f51432cbf73f218_JaffaCakes118.exe
Size

453KB
MD5

0eee3ca8773665d14f51432cbf73f218
SHA1

912761e48688324c1ce28703a5b62d21c8754abc
SHA256

a9cc91878ab919d2914d8886677be0c931b7b6c537c817502dc236d2fb99c9b7
SHA512

21fdda54a89c02c576e27ae9c09a3dac2f5b59f6bb4c04de287d08cd501042d7b276798f849c0cd220635558bbbfc8c6d3e7e30716b9a85a65500426c5ddf037
SSDEEP

12288:MNAynmjY95VEM5XJFsalapOJocM4GTOJ6cdH:htjMVl5XJ++MpTI6W

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4484	KAV key.bat

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\KAV key.bat	0eee3ca8773665d14f51432cbf73f218_JaffaCakes118.exe
File opened for modification	C:\Windows\KAV key.bat	0eee3ca8773665d14f51432cbf73f218_JaffaCakes118.exe
File created	C:\Windows\GUOCYOKl.BAT	0eee3ca8773665d14f51432cbf73f218_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	772	0eee3ca8773665d14f51432cbf73f218_JaffaCakes118.exe
Token: SeDebugPrivilege	4484	KAV key.bat

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4484	KAV key.bat

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4484 wrote to memory of 4436	4484	KAV key.bat	90
PID 4484 wrote to memory of 4436	4484	KAV key.bat	90
PID 772 wrote to memory of 5056	772	0eee3ca8773665d14f51432cbf73f218_JaffaCakes118.exe	95
PID 772 wrote to memory of 5056	772	0eee3ca8773665d14f51432cbf73f218_JaffaCakes118.exe	95
PID 772 wrote to memory of 5056	772	0eee3ca8773665d14f51432cbf73f218_JaffaCakes118.exe	95

C:\Users\Admin\AppData\Local\Temp\0eee3ca8773665d14f51432cbf73f218_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0eee3ca8773665d14f51432cbf73f218_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:772
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\GUOCYOKl.BAT
  2⤵
  PID:5056

C:\Windows\KAV key.bat
"C:\Windows\KAV key.bat"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4484
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:4436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\GUOCYOKl.BAT

Filesize
218B

MD5
f474dfc174104fedb7496f3aea41a0f1

SHA1
617ab6f41352229239eb1879a235e9196558eb90

SHA256
683ae1c752580e0a580c617fad236b9cadecda3ef8e3d7216a19152cbb5407aa

SHA512
d72c71a9816781ffa2d36dc92737f702b3eeef1358a68544b277301e581bc186e3a71097da9f631fe311c3a0bda132b5fa8418c1fa7531ad3313e49cc163edb9

Download Submit
C:\Windows\KAV key.bat

Filesize
453KB

MD5
0eee3ca8773665d14f51432cbf73f218

SHA1
912761e48688324c1ce28703a5b62d21c8754abc

SHA256
a9cc91878ab919d2914d8886677be0c931b7b6c537c817502dc236d2fb99c9b7

SHA512
21fdda54a89c02c576e27ae9c09a3dac2f5b59f6bb4c04de287d08cd501042d7b276798f849c0cd220635558bbbfc8c6d3e7e30716b9a85a65500426c5ddf037

Download Submit
memory/772-0-0x0000000000400000-0x00000000005DA000-memory.dmp

Filesize
1.9MB

Download
memory/772-1-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/772-2-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/772-3-0x0000000002270000-0x00000000022B3000-memory.dmp

Filesize
268KB

Download
memory/772-7-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/772-6-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/772-5-0x0000000000A80000-0x0000000000A81000-memory.dmp

Filesize
4KB

Download
memory/772-4-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/772-8-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/772-13-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/772-12-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/772-11-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/772-10-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/772-9-0x0000000002490000-0x0000000002493000-memory.dmp

Filesize
12KB

Download
memory/772-16-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/772-15-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/772-14-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/772-18-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/772-17-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/772-30-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/772-32-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/772-31-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/772-29-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/772-28-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/772-27-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/772-26-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/772-25-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/772-24-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/772-23-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/772-22-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/772-21-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/772-20-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/772-35-0x0000000002710000-0x0000000002711000-memory.dmp

Filesize
4KB

Download
memory/772-19-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/772-38-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/772-37-0x0000000002730000-0x0000000002731000-memory.dmp

Filesize
4KB

Download
memory/772-36-0x0000000002700000-0x0000000002701000-memory.dmp

Filesize
4KB

Download
memory/772-64-0x0000000002D80000-0x0000000002D81000-memory.dmp

Filesize
4KB

Download
memory/772-68-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/772-69-0x0000000002DF0000-0x0000000002DF1000-memory.dmp

Filesize
4KB

Download
memory/772-71-0x0000000002E10000-0x0000000002E11000-memory.dmp

Filesize
4KB

Download
memory/772-70-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

Filesize
4KB

Download
memory/772-67-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/772-72-0x0000000002E00000-0x0000000002E01000-memory.dmp

Filesize
4KB

Download
memory/772-83-0x0000000002EC0000-0x0000000002EC1000-memory.dmp

Filesize
4KB

Download
memory/772-87-0x0000000002E70000-0x0000000002E71000-memory.dmp

Filesize
4KB

Download
memory/772-86-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/772-85-0x0000000002970000-0x0000000002971000-memory.dmp

Filesize
4KB

Download
memory/772-84-0x0000000002920000-0x0000000002921000-memory.dmp

Filesize
4KB

Download
memory/772-82-0x0000000002ED0000-0x0000000002ED1000-memory.dmp

Filesize
4KB

Download
memory/772-81-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/772-80-0x0000000002EB0000-0x0000000002EB1000-memory.dmp

Filesize
4KB

Download
memory/772-74-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/772-79-0x0000000002E80000-0x0000000002E81000-memory.dmp

Filesize
4KB

Download
memory/772-78-0x0000000002E90000-0x0000000002E91000-memory.dmp

Filesize
4KB

Download
memory/772-77-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/772-76-0x0000000002E40000-0x0000000002E41000-memory.dmp

Filesize
4KB

Download
memory/772-75-0x0000000002E50000-0x0000000002E51000-memory.dmp

Filesize
4KB

Download
memory/772-73-0x0000000002E30000-0x0000000002E31000-memory.dmp

Filesize
4KB

Download
memory/772-66-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

Filesize
4KB

Download
memory/772-65-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/772-63-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download
memory/772-62-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/772-61-0x0000000002A00000-0x0000000002A01000-memory.dmp

Filesize
4KB

Download
memory/772-60-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download
memory/772-59-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/772-58-0x00000000029F0000-0x00000000029F1000-memory.dmp

Filesize
4KB

Download
memory/772-57-0x00000000029C0000-0x00000000029C1000-memory.dmp

Filesize
4KB

Download
memory/772-56-0x00000000029D0000-0x00000000029D1000-memory.dmp

Filesize
4KB

Download
memory/772-55-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/772-54-0x00000000029B0000-0x00000000029B1000-memory.dmp

Filesize
4KB

Download
memory/772-53-0x0000000002980000-0x0000000002981000-memory.dmp

Filesize
4KB

Download
memory/772-52-0x0000000002990000-0x0000000002991000-memory.dmp

Filesize
4KB

Download
memory/772-51-0x0000000002960000-0x0000000002961000-memory.dmp

Filesize
4KB

Download
memory/772-50-0x0000000002930000-0x0000000002931000-memory.dmp

Filesize
4KB

Download
memory/772-49-0x0000000002940000-0x0000000002941000-memory.dmp

Filesize
4KB

Download
memory/772-48-0x0000000002900000-0x0000000002901000-memory.dmp

Filesize
4KB

Download
memory/772-47-0x0000000002910000-0x0000000002911000-memory.dmp

Filesize
4KB

Download
memory/772-46-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/772-45-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/772-44-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download
memory/772-43-0x00000000027A0000-0x00000000027A1000-memory.dmp

Filesize
4KB

Download
memory/772-42-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/772-41-0x0000000002780000-0x0000000002781000-memory.dmp

Filesize
4KB

Download
memory/772-40-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/772-39-0x0000000002750000-0x0000000002751000-memory.dmp

Filesize
4KB

Download
memory/772-90-0x0000000002EE0000-0x0000000002EE1000-memory.dmp

Filesize
4KB

Download
memory/772-89-0x0000000002EF0000-0x0000000002EF1000-memory.dmp

Filesize
4KB

Download
memory/772-94-0x0000000000400000-0x00000000005DA000-memory.dmp

Filesize
1.9MB

Download
memory/772-95-0x0000000002270000-0x00000000022B3000-memory.dmp

Filesize
268KB

Download
memory/4484-97-0x0000000000400000-0x00000000005DA000-memory.dmp

Filesize
1.9MB

Download