d32852e77729cd98888e113fe3ae36bee26883d68c4fb42a1ede78d17e0cb086

Analysis

max time kernel
92s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 12:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

15f1e5701eb0ac8fcaeac66cf79254f7_JaffaCakes118.exe
Size

438KB
MD5

15f1e5701eb0ac8fcaeac66cf79254f7
SHA1

3eaf589eb291d9ce96156a83fcd45a178a2f6c00
SHA256

d32852e77729cd98888e113fe3ae36bee26883d68c4fb42a1ede78d17e0cb086
SHA512

47fba9926e080625dbb62621d25ca85b0e3e0cd2e2631be3398a04588a67bf68cf29d86328c4234447683f997f53679c95b6e4e2c275a98686d4c1a7f8103fa7
SSDEEP

12288:nbrUg1hIvf6vunR/iDWVZSKjNDNtTirdX:LHAf6WQDsZ/jNjTEdX

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4356	Svchostv.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Svchostv.exe	15f1e5701eb0ac8fcaeac66cf79254f7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\Svchostv.exe	15f1e5701eb0ac8fcaeac66cf79254f7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\Svchostv.exe	Svchostv.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\uninstal.bat	15f1e5701eb0ac8fcaeac66cf79254f7_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	5024	15f1e5701eb0ac8fcaeac66cf79254f7_JaffaCakes118.exe
Token: SeDebugPrivilege	4356	Svchostv.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 760	5024	15f1e5701eb0ac8fcaeac66cf79254f7_JaffaCakes118.exe	86
PID 5024 wrote to memory of 760	5024	15f1e5701eb0ac8fcaeac66cf79254f7_JaffaCakes118.exe	86
PID 5024 wrote to memory of 760	5024	15f1e5701eb0ac8fcaeac66cf79254f7_JaffaCakes118.exe	86

C:\Users\Admin\AppData\Local\Temp\15f1e5701eb0ac8fcaeac66cf79254f7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\15f1e5701eb0ac8fcaeac66cf79254f7_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.bat
  2⤵
  PID:760

C:\Windows\SysWOW64\Svchostv.exe
C:\Windows\SysWOW64\Svchostv.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:4356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Svchostv.exe

Filesize
438KB

MD5
15f1e5701eb0ac8fcaeac66cf79254f7

SHA1
3eaf589eb291d9ce96156a83fcd45a178a2f6c00

SHA256
d32852e77729cd98888e113fe3ae36bee26883d68c4fb42a1ede78d17e0cb086

SHA512
47fba9926e080625dbb62621d25ca85b0e3e0cd2e2631be3398a04588a67bf68cf29d86328c4234447683f997f53679c95b6e4e2c275a98686d4c1a7f8103fa7

Download Submit
C:\Windows\uninstal.bat

Filesize
218B

MD5
7db7275162e48dcd7fa055a7b3d2352b

SHA1
9d6764428921f1e2335f1f099626f756d9cb1720

SHA256
1fd0d2e0e6532529485f64e83875f18534cfc7b624ea0f5da0f67caabf905a79

SHA512
18278b829658fb589983a81859cd6b146ad8077a10542419ea729dc39fe8ffedd8ec94b3563faae48af8e7b45299df74d0e5dde380b048124a2de524ad8c4913

Download Submit
memory/4356-90-0x0000000000D30000-0x0000000000D73000-memory.dmp

Filesize
268KB

Download
memory/4356-89-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/4356-91-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/4356-92-0x0000000000D30000-0x0000000000D73000-memory.dmp

Filesize
268KB

Download
memory/5024-56-0x00000000028D0000-0x00000000028D1000-memory.dmp

Filesize
4KB

Download
memory/5024-0-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/5024-45-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/5024-44-0x0000000002840000-0x0000000002841000-memory.dmp

Filesize
4KB

Download
memory/5024-43-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/5024-42-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/5024-41-0x00000000026C0000-0x00000000026C1000-memory.dmp

Filesize
4KB

Download
memory/5024-40-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/5024-39-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/5024-38-0x00000000026B0000-0x00000000026B1000-memory.dmp

Filesize
4KB

Download
memory/5024-37-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/5024-84-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/5024-83-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

Filesize
4KB

Download
memory/5024-82-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/5024-81-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/5024-80-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download
memory/5024-79-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

Filesize
4KB

Download
memory/5024-52-0x0000000002890000-0x0000000002891000-memory.dmp

Filesize
4KB

Download
memory/5024-77-0x0000000002D80000-0x0000000002D81000-memory.dmp

Filesize
4KB

Download
memory/5024-49-0x0000000002880000-0x0000000002881000-memory.dmp

Filesize
4KB

Download
memory/5024-76-0x0000000002D50000-0x0000000002D51000-memory.dmp

Filesize
4KB

Download
memory/5024-75-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/5024-74-0x0000000002D30000-0x0000000002D31000-memory.dmp

Filesize
4KB

Download
memory/5024-73-0x0000000002D40000-0x0000000002D41000-memory.dmp

Filesize
4KB

Download
memory/5024-72-0x0000000002D10000-0x0000000002D11000-memory.dmp

Filesize
4KB

Download
memory/5024-71-0x0000000002D20000-0x0000000002D21000-memory.dmp

Filesize
4KB

Download
memory/5024-70-0x0000000002CF0000-0x0000000002CF1000-memory.dmp

Filesize
4KB

Download
memory/5024-69-0x0000000002D00000-0x0000000002D01000-memory.dmp

Filesize
4KB

Download
memory/5024-68-0x0000000002CD0000-0x0000000002CD1000-memory.dmp

Filesize
4KB

Download
memory/5024-67-0x0000000002CE0000-0x0000000002CE1000-memory.dmp

Filesize
4KB

Download
memory/5024-66-0x0000000002CB0000-0x0000000002CB1000-memory.dmp

Filesize
4KB

Download
memory/5024-65-0x0000000002CC0000-0x0000000002CC1000-memory.dmp

Filesize
4KB

Download
memory/5024-64-0x0000000002C90000-0x0000000002C91000-memory.dmp

Filesize
4KB

Download
memory/5024-63-0x0000000002CA0000-0x0000000002CA1000-memory.dmp

Filesize
4KB

Download
memory/5024-62-0x0000000002C70000-0x0000000002C71000-memory.dmp

Filesize
4KB

Download
memory/5024-61-0x0000000002C80000-0x0000000002C81000-memory.dmp

Filesize
4KB

Download
memory/5024-60-0x0000000002910000-0x0000000002911000-memory.dmp

Filesize
4KB

Download
memory/5024-59-0x0000000002920000-0x0000000002921000-memory.dmp

Filesize
4KB

Download
memory/5024-58-0x00000000028F0000-0x00000000028F1000-memory.dmp

Filesize
4KB

Download
memory/5024-57-0x0000000002900000-0x0000000002901000-memory.dmp

Filesize
4KB

Download
memory/5024-53-0x00000000028C0000-0x00000000028C1000-memory.dmp

Filesize
4KB

Download
memory/5024-55-0x00000000028E0000-0x00000000028E1000-memory.dmp

Filesize
4KB

Download
memory/5024-25-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/5024-54-0x00000000028B0000-0x00000000028B1000-memory.dmp

Filesize
4KB

Download
memory/5024-78-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/5024-51-0x00000000028A0000-0x00000000028A1000-memory.dmp

Filesize
4KB

Download
memory/5024-50-0x0000000002870000-0x0000000002871000-memory.dmp

Filesize
4KB

Download
memory/5024-48-0x0000000002830000-0x0000000002831000-memory.dmp

Filesize
4KB

Download
memory/5024-36-0x0000000002690000-0x0000000002691000-memory.dmp

Filesize
4KB

Download
memory/5024-35-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/5024-34-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/5024-33-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/5024-32-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/5024-31-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/5024-30-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/5024-29-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/5024-28-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/5024-27-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/5024-26-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/5024-24-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/5024-23-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/5024-22-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/5024-21-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/5024-20-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/5024-19-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/5024-18-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/5024-17-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/5024-16-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/5024-15-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/5024-14-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/5024-13-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/5024-12-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/5024-11-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/5024-10-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/5024-9-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/5024-8-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/5024-7-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/5024-6-0x0000000002380000-0x0000000002383000-memory.dmp

Filesize
12KB

Download
memory/5024-5-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/5024-4-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/5024-3-0x00000000006A0000-0x00000000006A1000-memory.dmp

Filesize
4KB

Download
memory/5024-2-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/5024-86-0x0000000002DF0000-0x0000000002DF1000-memory.dmp

Filesize
4KB

Download
memory/5024-85-0x0000000002E00000-0x0000000002E01000-memory.dmp

Filesize
4KB

Download
memory/5024-97-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/5024-96-0x0000000002190000-0x00000000021D3000-memory.dmp

Filesize
268KB

Download
memory/5024-1-0x0000000002190000-0x00000000021D3000-memory.dmp

Filesize
268KB

Download