c3f34fab69c9f02d998500e31402c2ac142b0d209cfd2568619bc9fc0853e5dd

Analysis

max time kernel
91s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 15:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22ce3654742c1f02ae5f343878ca71b5_JaffaCakes118.exe
Size

294KB
MD5

22ce3654742c1f02ae5f343878ca71b5
SHA1

e118b7c26d76d7b12a636d33cb1bb5ad9cf2bff6
SHA256

c3f34fab69c9f02d998500e31402c2ac142b0d209cfd2568619bc9fc0853e5dd
SHA512

f224dd0facf37e830a8fade9d9b5932699595e87f7f051debd2dbe2ed02644b9f6f6d69cf3ae29f14798d4d70f8b8094c9d8a30c2b5ee43109803631ecca6fb1
SSDEEP

6144:zzZIhI966AGkAjOpoaY7qAAY27yZniIms+QTf6f:5wq6xGJOpqURypiI3Cf

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\beep.sys	22ce3654742c1f02ae5f343878ca71b5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\beep.sys	dark.exe

Executes dropped EXE 1 IoCs

pid	Process
4836	dark.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\dark.exe	22ce3654742c1f02ae5f343878ca71b5_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\dark.exe	22ce3654742c1f02ae5f343878ca71b5_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\dark.exe	dark.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
652	Process not Found
652	Process not Found

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	1624	22ce3654742c1f02ae5f343878ca71b5_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	4836	dark.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 4836	1624	22ce3654742c1f02ae5f343878ca71b5_JaffaCakes118.exe	80
PID 1624 wrote to memory of 4836	1624	22ce3654742c1f02ae5f343878ca71b5_JaffaCakes118.exe	80
PID 1624 wrote to memory of 4836	1624	22ce3654742c1f02ae5f343878ca71b5_JaffaCakes118.exe	80
PID 1624 wrote to memory of 4772	1624	22ce3654742c1f02ae5f343878ca71b5_JaffaCakes118.exe	81
PID 1624 wrote to memory of 4772	1624	22ce3654742c1f02ae5f343878ca71b5_JaffaCakes118.exe	81
PID 1624 wrote to memory of 4772	1624	22ce3654742c1f02ae5f343878ca71b5_JaffaCakes118.exe	81
PID 4836 wrote to memory of 2280	4836	dark.exe	82
PID 4836 wrote to memory of 2280	4836	dark.exe	82
PID 4836 wrote to memory of 2280	4836	dark.exe	82

C:\Users\Admin\AppData\Local\Temp\22ce3654742c1f02ae5f343878ca71b5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\22ce3654742c1f02ae5f343878ca71b5_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Windows\SysWOW64\dark.exe
  "C:\Windows\system32\dark.exe"
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4836
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c del C:\Windows\SysWOW64\dark.exe > nul
    3⤵
    PID:2280
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\22CE36~1.EXE > nul
  2⤵
  PID:4772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\dark.exe

Filesize
294KB

MD5
22ce3654742c1f02ae5f343878ca71b5

SHA1
e118b7c26d76d7b12a636d33cb1bb5ad9cf2bff6

SHA256
c3f34fab69c9f02d998500e31402c2ac142b0d209cfd2568619bc9fc0853e5dd

SHA512
f224dd0facf37e830a8fade9d9b5932699595e87f7f051debd2dbe2ed02644b9f6f6d69cf3ae29f14798d4d70f8b8094c9d8a30c2b5ee43109803631ecca6fb1

Download Submit
C:\Windows\SysWOW64\drivers\beep.sys

Filesize
2KB

MD5
5fd668ad46277cc087c14569bd508f7b

SHA1
a401a642806991b49e39a08862fa5d462cf37bb6

SHA256
aeeb1db06947f713973e60e1e87e9d5e0de15904586137b55a37d88925222662

SHA512
51d303862887aec41d04bf1a00c1a43ca6c9f0ec91d2f0736a517250d11840e482c09e63447ec4ebc746b8328881d6fbd17ea401fc54e1044e41816f42175b1c

Download Submit
memory/1624-0-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/1624-1-0x00000000020F0000-0x000000000214A000-memory.dmp

Filesize
360KB

Download
memory/1624-71-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-70-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-69-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-68-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-67-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-66-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-65-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-64-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-63-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-62-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-61-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-60-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-59-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-58-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-57-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-56-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-55-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-54-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-53-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-52-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-51-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-50-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-49-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-48-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-47-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-46-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-45-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-44-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-43-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-42-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-41-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-40-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-39-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-38-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-37-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-36-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-35-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-34-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-33-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-32-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-31-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-30-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-29-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-28-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-27-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-26-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-25-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-24-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-23-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-22-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-21-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-20-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-19-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-18-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-17-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-16-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-15-0x0000000003120000-0x0000000003121000-memory.dmp

Filesize
4KB

Download
memory/1624-14-0x0000000003130000-0x0000000003131000-memory.dmp

Filesize
4KB

Download
memory/1624-13-0x0000000003130000-0x0000000003131000-memory.dmp

Filesize
4KB

Download
memory/1624-12-0x0000000003130000-0x0000000003131000-memory.dmp

Filesize
4KB

Download
memory/1624-11-0x0000000003130000-0x0000000003131000-memory.dmp

Filesize
4KB

Download
memory/1624-10-0x0000000003130000-0x0000000003131000-memory.dmp

Filesize
4KB

Download
memory/1624-9-0x0000000003130000-0x0000000003131000-memory.dmp

Filesize
4KB

Download
memory/1624-7-0x00000000022A0000-0x00000000022A1000-memory.dmp

Filesize
4KB

Download
memory/1624-6-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/1624-5-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/1624-4-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/1624-3-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/1624-2-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/1624-78-0x00000000020F0000-0x000000000214A000-memory.dmp

Filesize
360KB

Download
memory/1624-77-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/4836-82-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download