Overview

overview

8

Static

static

3

23c493ab28...18.exe

windows7-x64

8

23c493ab28...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/07/2024, 23:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    23c493ab28e1bdb0502fb1533ebbb3a7_JaffaCakes118.exe

  • Size

    350KB

  • MD5

    23c493ab28e1bdb0502fb1533ebbb3a7

  • SHA1

    51d84fa61b3ec7fecce693b8d7d665ffe2578178

  • SHA256

    a760e30220f02f3a75a638403433a35c38d59cf8ffc4d3beb6fccc94974c0f4d

  • SHA512

    b7e3e4fa61800eceb6acafaec5b69704b0998074a471e8123f210fb2aa64a0a9cfd9ca9c931adeea2e735ebc891ab5ee9951434184055b0d0ad024f7951fb9a3

  • SSDEEP

    6144:lR6VWA3ZOEBlhuj1KAtaFnY0MIq0rJjQ+IG3unvrlJcsS7VZI9d9hyjr:/6VWNcxFYxIq2ZIK+vrlJcd77n

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\23c493ab28e1bdb0502fb1533ebbb3a7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\23c493ab28e1bdb0502fb1533ebbb3a7_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1104
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.bat
      2⤵
        PID:772
    • C:\Windows\G_Server.exe
      C:\Windows\G_Server.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2132
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        2⤵
          PID:4860

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\ACJHKW.TMP
        Filesize

        65KB

        MD5

        13f1364c10aaaa09a4f66059c2c8f859

        SHA1

        a05a28eba992e2e15e6b7184b48ba5017a3e4e32

        SHA256

        d9fc7f19c1204e634de4c44cf8bc78eb7bbc879c5c2b64649c72aa48c60fc436

        SHA512

        1f0da83575993d4f7036a474a2ec1b5e2a676225782d6c234515e732f7113cf72f600a2de3286f80e2a7ced4f6f9f71ba4f52f5380534891793112a93d635d3d

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\COGLLF.TMP
        Filesize

        33KB

        MD5

        884d60a1209c2c16046d4e4c8f481698

        SHA1

        3bdaa577777cd70b744492010da99d74cc34e549

        SHA256

        5b1b9e753974893937869b01b3373ed34f5e8e1e046d909d33fa4756428c92e7

        SHA512

        edb70444ca24124012d4860d552e4eaa656f7cac81cf7e512ec8dacee0a97c883feaba65bdbab1792e294413bcf0c800a8b69fe7b62bb398f383815a576bd4e1

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\UYIXWK.TMP
        Filesize

        17KB

        MD5

        55bca483834624d9d1235ba3ac43d8fd

        SHA1

        c3eb3baaa9863583f38cc7fce67e1914c1bd710f

        SHA256

        897c541e061f6c9a120ba8c711f2d7b96e1b588d70528412bdea9761fb02ceed

        SHA512

        e9aaeab71538d5782f3ec8c2ebea1ae8e8cd2e1a7986e26e62a448413a027e1bc5fcba92f93acb73b8555bf16c85c5631477367f9a90c55243a5a8e238deb8df

        Download Submit

      • C:\Windows\G_Server.exe
        Filesize

        350KB

        MD5

        23c493ab28e1bdb0502fb1533ebbb3a7

        SHA1

        51d84fa61b3ec7fecce693b8d7d665ffe2578178

        SHA256

        a760e30220f02f3a75a638403433a35c38d59cf8ffc4d3beb6fccc94974c0f4d

        SHA512

        b7e3e4fa61800eceb6acafaec5b69704b0998074a471e8123f210fb2aa64a0a9cfd9ca9c931adeea2e735ebc891ab5ee9951434184055b0d0ad024f7951fb9a3

        Download Submit

      • C:\Windows\uninstal.bat
        Filesize

        218B

        MD5

        46d40c1b130d9560ddb84cd2abcd8a14

        SHA1

        915672abdb6326694cab40fd46d1c3916f5c2ca9

        SHA256

        02a0a0ea1d4b61414ce445a0f39db55491e9252ef718ad67df9c6b824506a373

        SHA512

        edd0856aed9538b612cef31de6253f137af98d76570902e0a17c08815e369bb5e58ea7b2963569428dcb10d2a86d57a0fb1cce454e8d474d7f1c4cb503bbdd52

        Download Submit

      • memory/1104-1-0x0000000000700000-0x0000000000701000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1104-0-0x0000000000400000-0x00000000004D2000-memory.dmp

        Filesize

        840KB

        Download

      • memory/1104-31-0x00000000023C0000-0x00000000023CE000-memory.dmp

        Filesize

        56KB

        Download

      • memory/1104-34-0x0000000000400000-0x00000000004D2000-memory.dmp

        Filesize

        840KB

        Download

      • memory/1104-32-0x00000000023D0000-0x00000000023E5000-memory.dmp

        Filesize

        84KB

        Download

      • memory/1104-33-0x00000000023F0000-0x0000000002416000-memory.dmp

        Filesize

        152KB

        Download

      • memory/2132-27-0x0000000000400000-0x00000000004D2000-memory.dmp

        Filesize

        840KB

        Download

      • memory/2132-28-0x0000000000680000-0x0000000000681000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2132-29-0x0000000000400000-0x00000000004D2000-memory.dmp

        Filesize

        840KB

        Download