b59af7dc1ac1694afcb1bd5a178e7cce2952707eac07c3804e45ad774bfde009

Analysis

max time kernel
125s
max time network
125s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 11:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

224126b7640ba845fb2b5ef193376e24_JaffaCakes118.exe
Size

562KB
MD5

224126b7640ba845fb2b5ef193376e24
SHA1

bf458c8e033e462c452a33e045969e273c7b0679
SHA256

b59af7dc1ac1694afcb1bd5a178e7cce2952707eac07c3804e45ad774bfde009
SHA512

4f83c0c7c8325fd56e9f7e95438a26626649ad1564b83377b2284f834a4a95496619d42342cf07f8704f4ea1f587528055ff96e5d561b415d76cea2daf7bfa9b
SSDEEP

12288:8/Ne+H53EmMg4xqX+1ohnwxj+xuBIo1kVKyU47TotdRFmFzxn:aRHJEmMg48uWnwxaxuBTKEyUQTi7Fm

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2448	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2608	SVCH0ST.EXE

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SVCH0ST.EXE	224126b7640ba845fb2b5ef193376e24_JaffaCakes118.exe
File opened for modification	C:\Windows\SVCH0ST.EXE	224126b7640ba845fb2b5ef193376e24_JaffaCakes118.exe
File created	C:\Windows\guocok88.BAT	224126b7640ba845fb2b5ef193376e24_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1560	224126b7640ba845fb2b5ef193376e24_JaffaCakes118.exe
Token: SeDebugPrivilege	2608	SVCH0ST.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2608	SVCH0ST.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1560 wrote to memory of 2448	1560	224126b7640ba845fb2b5ef193376e24_JaffaCakes118.exe	29
PID 1560 wrote to memory of 2448	1560	224126b7640ba845fb2b5ef193376e24_JaffaCakes118.exe	29
PID 1560 wrote to memory of 2448	1560	224126b7640ba845fb2b5ef193376e24_JaffaCakes118.exe	29
PID 1560 wrote to memory of 2448	1560	224126b7640ba845fb2b5ef193376e24_JaffaCakes118.exe	29

C:\Users\Admin\AppData\Local\Temp\224126b7640ba845fb2b5ef193376e24_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\224126b7640ba845fb2b5ef193376e24_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1560
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\guocok88.BAT
  2⤵
  - Deletes itself
  PID:2448

C:\Windows\SVCH0ST.EXE
C:\Windows\SVCH0ST.EXE
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SVCH0ST.EXE

Filesize
562KB

MD5
224126b7640ba845fb2b5ef193376e24

SHA1
bf458c8e033e462c452a33e045969e273c7b0679

SHA256
b59af7dc1ac1694afcb1bd5a178e7cce2952707eac07c3804e45ad774bfde009

SHA512
4f83c0c7c8325fd56e9f7e95438a26626649ad1564b83377b2284f834a4a95496619d42342cf07f8704f4ea1f587528055ff96e5d561b415d76cea2daf7bfa9b

Download Submit
C:\Windows\guocok88.BAT

Filesize
218B

MD5
e4cfeac1880e7f9a6368445952b0fe6a

SHA1
2f81c120c3afbac485aa6e9c759740b416ab2a77

SHA256
3d28b293ed65bb9ddf0528c39c68c27699ad4f94b6451179db50827e4759f905

SHA512
18134c9914f2db901aaa03f4fe8feade433e30103c09c7632311bd5f4de7fb69a85fe10c031bc3f83b3d83bb73f0b65f028451fb9fe36594bb994472e3117bdd

Download Submit
memory/1560-0-0x0000000000580000-0x00000000005CB000-memory.dmp

Filesize
300KB

Download
memory/1560-24-0x00000000028A0000-0x00000000028A1000-memory.dmp

Filesize
4KB

Download
memory/1560-55-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/1560-66-0x00000000036F0000-0x00000000036F1000-memory.dmp

Filesize
4KB

Download
memory/1560-65-0x00000000036D0000-0x00000000036D1000-memory.dmp

Filesize
4KB

Download
memory/1560-64-0x00000000036E0000-0x00000000036E1000-memory.dmp

Filesize
4KB

Download
memory/1560-63-0x00000000036B0000-0x00000000036B1000-memory.dmp

Filesize
4KB

Download
memory/1560-62-0x00000000036C0000-0x00000000036C1000-memory.dmp

Filesize
4KB

Download
memory/1560-61-0x0000000003690000-0x0000000003691000-memory.dmp

Filesize
4KB

Download
memory/1560-60-0x00000000036A0000-0x00000000036A1000-memory.dmp

Filesize
4KB

Download
memory/1560-59-0x0000000003670000-0x0000000003671000-memory.dmp

Filesize
4KB

Download
memory/1560-58-0x0000000003680000-0x0000000003681000-memory.dmp

Filesize
4KB

Download
memory/1560-54-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/1560-53-0x0000000003520000-0x0000000003521000-memory.dmp

Filesize
4KB

Download
memory/1560-52-0x00000000034F0000-0x00000000034F1000-memory.dmp

Filesize
4KB

Download
memory/1560-51-0x0000000003500000-0x0000000003501000-memory.dmp

Filesize
4KB

Download
memory/1560-50-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/1560-49-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/1560-48-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/1560-47-0x0000000002B00000-0x0000000002B01000-memory.dmp

Filesize
4KB

Download
memory/1560-46-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/1560-45-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/1560-44-0x0000000002AE0000-0x0000000002AE1000-memory.dmp

Filesize
4KB

Download
memory/1560-43-0x0000000002AF0000-0x0000000002AF1000-memory.dmp

Filesize
4KB

Download
memory/1560-42-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

Filesize
4KB

Download
memory/1560-41-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/1560-40-0x0000000002AA0000-0x0000000002AA1000-memory.dmp

Filesize
4KB

Download
memory/1560-39-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/1560-38-0x0000000002A80000-0x0000000002A81000-memory.dmp

Filesize
4KB

Download
memory/1560-37-0x0000000002A90000-0x0000000002A91000-memory.dmp

Filesize
4KB

Download
memory/1560-36-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/1560-35-0x0000000002A70000-0x0000000002A71000-memory.dmp

Filesize
4KB

Download
memory/1560-34-0x0000000002A40000-0x0000000002A41000-memory.dmp

Filesize
4KB

Download
memory/1560-33-0x0000000002A50000-0x0000000002A51000-memory.dmp

Filesize
4KB

Download
memory/1560-32-0x0000000002A20000-0x0000000002A21000-memory.dmp

Filesize
4KB

Download
memory/1560-31-0x0000000002A30000-0x0000000002A31000-memory.dmp

Filesize
4KB

Download
memory/1560-30-0x0000000002900000-0x0000000002901000-memory.dmp

Filesize
4KB

Download
memory/1560-29-0x0000000002910000-0x0000000002911000-memory.dmp

Filesize
4KB

Download
memory/1560-28-0x00000000028E0000-0x00000000028E1000-memory.dmp

Filesize
4KB

Download
memory/1560-27-0x00000000028F0000-0x00000000028F1000-memory.dmp

Filesize
4KB

Download
memory/1560-26-0x00000000028C0000-0x00000000028C1000-memory.dmp

Filesize
4KB

Download
memory/1560-25-0x00000000028D0000-0x00000000028D1000-memory.dmp

Filesize
4KB

Download
memory/1560-23-0x00000000028B0000-0x00000000028B1000-memory.dmp

Filesize
4KB

Download
memory/1560-22-0x0000000002880000-0x0000000002881000-memory.dmp

Filesize
4KB

Download
memory/1560-21-0x0000000002890000-0x0000000002891000-memory.dmp

Filesize
4KB

Download
memory/1560-20-0x0000000002870000-0x0000000002871000-memory.dmp

Filesize
4KB

Download
memory/1560-19-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/1560-18-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/1560-17-0x00000000020A0000-0x00000000020A1000-memory.dmp

Filesize
4KB

Download
memory/1560-16-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/1560-15-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/1560-14-0x0000000001EB0000-0x0000000001EB1000-memory.dmp

Filesize
4KB

Download
memory/1560-13-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/1560-12-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1560-11-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/1560-10-0x0000000002800000-0x0000000002801000-memory.dmp

Filesize
4KB

Download
memory/1560-9-0x0000000002860000-0x0000000002861000-memory.dmp

Filesize
4KB

Download
memory/1560-8-0x0000000001E50000-0x0000000001E51000-memory.dmp

Filesize
4KB

Download
memory/1560-7-0x0000000001E20000-0x0000000001E21000-memory.dmp

Filesize
4KB

Download
memory/1560-6-0x00000000027F0000-0x00000000027F3000-memory.dmp

Filesize
12KB

Download
memory/1560-5-0x0000000001E40000-0x0000000001E41000-memory.dmp

Filesize
4KB

Download
memory/1560-4-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/1560-3-0x0000000001E60000-0x0000000001E61000-memory.dmp

Filesize
4KB

Download
memory/1560-2-0x0000000001EA0000-0x0000000001EA1000-memory.dmp

Filesize
4KB

Download
memory/1560-1-0x0000000001E80000-0x0000000001E81000-memory.dmp

Filesize
4KB

Download
memory/1560-75-0x0000000000580000-0x00000000005CB000-memory.dmp

Filesize
300KB

Download