31708616d8a8582940790df0b3e28972baa9aa27ae75f92700cb2eed051066fe

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 06:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

19290de9604594276607bdf254be7fd8_JaffaCakes118.exe
Size

597KB
MD5

19290de9604594276607bdf254be7fd8
SHA1

993e1d6db21bf295694f0485caef86d1c1cc54dd
SHA256

31708616d8a8582940790df0b3e28972baa9aa27ae75f92700cb2eed051066fe
SHA512

eb8b8e5b7f4636319fd1e5e9d49da1d6cffc978e241583ffe8f9c6015f5ff5ee7033bd60c96ee44bbdc52aa0318700d0d322c7162dc1001026c6cdcd390a0eba
SSDEEP

12288:Q2CKE3JI2PhihwvC64xo6F3Z4mxxsDqVTVOC4zP:Q26dYEGo6QmXLVTz4z

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1856	Windows.com.cn.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\uninstal.bat	19290de9604594276607bdf254be7fd8_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4844	19290de9604594276607bdf254be7fd8_JaffaCakes118.exe
Token: SeDebugPrivilege	1856	Windows.com.cn.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1856	Windows.com.cn.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 4196	4844	19290de9604594276607bdf254be7fd8_JaffaCakes118.exe	90
PID 4844 wrote to memory of 4196	4844	19290de9604594276607bdf254be7fd8_JaffaCakes118.exe	90
PID 4844 wrote to memory of 4196	4844	19290de9604594276607bdf254be7fd8_JaffaCakes118.exe	90

C:\Users\Admin\AppData\Local\Temp\19290de9604594276607bdf254be7fd8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\19290de9604594276607bdf254be7fd8_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.bat
  2⤵
  PID:4196

C:\Windows.com.cn.exe
C:\Windows.com.cn.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows.com.cn.exe

Filesize
597KB

MD5
19290de9604594276607bdf254be7fd8

SHA1
993e1d6db21bf295694f0485caef86d1c1cc54dd

SHA256
31708616d8a8582940790df0b3e28972baa9aa27ae75f92700cb2eed051066fe

SHA512
eb8b8e5b7f4636319fd1e5e9d49da1d6cffc978e241583ffe8f9c6015f5ff5ee7033bd60c96ee44bbdc52aa0318700d0d322c7162dc1001026c6cdcd390a0eba

Download Submit
C:\Windows\uninstal.bat

Filesize
218B

MD5
801c0ea81254420886ad87a45c1fb841

SHA1
8a90d2906975b82fba4966935b18e2a16b43eb32

SHA256
8547bacf49c3aa314d3dc84ef109f7b458d635b9b922d477916419d5231830cb

SHA512
4c8d14aa0583f976b294e9975e09ec620860bf296e2fe90adffd75bbfbed3bde5a12cd13f1627301d8b816d3529144d2eef85dcf201c050d1ad43332248cd29a

Download Submit
memory/1856-80-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/4844-0-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/4844-1-0x00000000023A0000-0x00000000023F4000-memory.dmp

Filesize
336KB

Download
memory/4844-70-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-69-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-68-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-67-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-66-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-65-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-64-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-63-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-62-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-61-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-60-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-59-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-58-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-57-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-56-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-55-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-54-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-53-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-52-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-51-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-50-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-49-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-48-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-47-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-46-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-45-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-44-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-43-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-42-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-41-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-40-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-39-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-38-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-37-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-36-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-35-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-34-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-33-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-32-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-31-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-30-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-29-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-28-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-27-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-26-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-25-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-24-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-23-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-22-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-21-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-20-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-19-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-18-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-17-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4844-16-0x0000000003520000-0x0000000003521000-memory.dmp

Filesize
4KB

Download
memory/4844-15-0x0000000003520000-0x0000000003521000-memory.dmp

Filesize
4KB

Download
memory/4844-14-0x0000000003520000-0x0000000003521000-memory.dmp

Filesize
4KB

Download
memory/4844-13-0x0000000003520000-0x0000000003521000-memory.dmp

Filesize
4KB

Download
memory/4844-12-0x0000000003520000-0x0000000003521000-memory.dmp

Filesize
4KB

Download
memory/4844-11-0x0000000003520000-0x0000000003521000-memory.dmp

Filesize
4KB

Download
memory/4844-10-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/4844-9-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/4844-8-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/4844-7-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/4844-6-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4844-5-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4844-4-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/4844-3-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/4844-2-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/4844-77-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/4844-78-0x00000000023A0000-0x00000000023F4000-memory.dmp

Filesize
336KB

Download