842cae810a0e34dec70cbdcff61a82b8fa9ad229f6c16012f2ca4b6e37e4c85d

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 03:27

Target

14838128864996aa8e76a15ec255390d_JaffaCakes118.exe
Size

100KB
MD5

14838128864996aa8e76a15ec255390d
SHA1

47458d2d13b9baf61b04fa08f34e0733c8e802d6
SHA256

842cae810a0e34dec70cbdcff61a82b8fa9ad229f6c16012f2ca4b6e37e4c85d
SHA512

90ed3ca0d473f41246ff893fe5d52a3336f04bfa7251c9f9e920c7d7a39ee01f49fe4540fc013ec798b40a7d596987c9c4ad41fcf557902be97d18967c1e49e1
SSDEEP

768:p7FCmGXVzmXphzUMxuSAfE87xO/hFLk6hlyLWhPtg:dFeXZmXpZ/xuS8xOHLRP

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2744	cmd.exe

Loads dropped DLL 2 IoCs

pid	Process
2132	14838128864996aa8e76a15ec255390d_JaffaCakes118.exe
2132	14838128864996aa8e76a15ec255390d_JaffaCakes118.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\sqmapi32.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\sqmapi32.dll	cmd.exe
File opened for modification	C:\Windows\SysWOW64\chdatl.cfg	14838128864996aa8e76a15ec255390d_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\chdatl.dll	14838128864996aa8e76a15ec255390d_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\chdatl.dll	14838128864996aa8e76a15ec255390d_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
2132	14838128864996aa8e76a15ec255390d_JaffaCakes118.exe
476	Process not Found

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLoadDriverPrivilege	2132	14838128864996aa8e76a15ec255390d_JaffaCakes118.exe
Token: SeDebugPrivilege	2132	14838128864996aa8e76a15ec255390d_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2724	2132	14838128864996aa8e76a15ec255390d_JaffaCakes118.exe	28
PID 2132 wrote to memory of 2724	2132	14838128864996aa8e76a15ec255390d_JaffaCakes118.exe	28
PID 2132 wrote to memory of 2724	2132	14838128864996aa8e76a15ec255390d_JaffaCakes118.exe	28
PID 2132 wrote to memory of 2724	2132	14838128864996aa8e76a15ec255390d_JaffaCakes118.exe	28
PID 2132 wrote to memory of 1216	2132	14838128864996aa8e76a15ec255390d_JaffaCakes118.exe	21
PID 2132 wrote to memory of 2744	2132	14838128864996aa8e76a15ec255390d_JaffaCakes118.exe	30
PID 2132 wrote to memory of 2744	2132	14838128864996aa8e76a15ec255390d_JaffaCakes118.exe	30
PID 2132 wrote to memory of 2744	2132	14838128864996aa8e76a15ec255390d_JaffaCakes118.exe	30
PID 2132 wrote to memory of 2744	2132	14838128864996aa8e76a15ec255390d_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\tmp1344.tmp

Filesize
4KB

MD5
40245b744f11da06b97f16090b58573a

SHA1
b25c10d1da36770828762b345f9c7d42a9fb2924

SHA256
500f3e8329742616c74bec7ec9459f056f31b1e746afa73bc25f8c3f83f9d40e

SHA512
2e94c1bd6fb0bde69f369cf5cc551e7a3fc65130722e8980d04aeeaf4468708b7dc190f0cac27186161134e699f55647b5e5ae48496f20dcb148271977eee49d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp1345.bat

Filesize
145B

MD5
b19651ad0758d7521c6474d4f4114684

SHA1
4d82d1426394913bdfb619932a841c974eeb71c0

SHA256
c83b28d60bfd756abb08490a3281024e2c074fba1b8c192468956f9b83b3ce4f

SHA512
73174409789ce8310a3ca15c28c6c781c23115928dfd9c1cd089a243c383ddebb16c13f9df32261240cfbbe56d3bac146f97eb07a6b59135d23348725d3e14a8

Download Submit
memory/1216-17-0x0000000002D80000-0x0000000002D81000-memory.dmp

Filesize
4KB

Download
memory/2132-14-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2132-18-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2132-19-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download