810c5c9481ac4aeb7cb339188894964a79b652ad603d34a55e81598d62ad8e45

Analysis

max time kernel
142s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2317f826534fde1723fecdc925185f8e_JaffaCakes118.exe
Size

438KB
MD5

2317f826534fde1723fecdc925185f8e
SHA1

9eb2d5f2005b15db9b357c13ad3b8d14b0bfe400
SHA256

810c5c9481ac4aeb7cb339188894964a79b652ad603d34a55e81598d62ad8e45
SHA512

ab3770052ec3328664148aa1c3ddb2ae637b89b7b9f987a158dd4d6190d4d8c2801e5e1d329419400fbed28a63e14e473f9a36d69b09ddca80795708543649af
SSDEEP

6144:cRRJnML+pdyFnKZ9fF/d5RsggXeNHmyLSpoLVDijud98gWNlPTGQQm6agrds:cLpA+pMFnKJ/5rgXMbSgGjukNtTirds

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1176	Hacker.com.cn.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\Hacker.com.cn.exe	2317f826534fde1723fecdc925185f8e_JaffaCakes118.exe
File opened for modification	C:\Windows\Hacker.com.cn.exe	2317f826534fde1723fecdc925185f8e_JaffaCakes118.exe
File created	C:\Windows\uninstal.bat	2317f826534fde1723fecdc925185f8e_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1096	2317f826534fde1723fecdc925185f8e_JaffaCakes118.exe
Token: SeDebugPrivilege	1176	Hacker.com.cn.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1176	Hacker.com.cn.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 768	1176	Hacker.com.cn.exe	82
PID 1176 wrote to memory of 768	1176	Hacker.com.cn.exe	82
PID 1096 wrote to memory of 4760	1096	2317f826534fde1723fecdc925185f8e_JaffaCakes118.exe	83
PID 1096 wrote to memory of 4760	1096	2317f826534fde1723fecdc925185f8e_JaffaCakes118.exe	83
PID 1096 wrote to memory of 4760	1096	2317f826534fde1723fecdc925185f8e_JaffaCakes118.exe	83

C:\Users\Admin\AppData\Local\Temp\2317f826534fde1723fecdc925185f8e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2317f826534fde1723fecdc925185f8e_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.bat
  2⤵
  PID:4760

C:\Windows\Hacker.com.cn.exe
C:\Windows\Hacker.com.cn.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Hacker.com.cn.exe

Filesize
438KB

MD5
2317f826534fde1723fecdc925185f8e

SHA1
9eb2d5f2005b15db9b357c13ad3b8d14b0bfe400

SHA256
810c5c9481ac4aeb7cb339188894964a79b652ad603d34a55e81598d62ad8e45

SHA512
ab3770052ec3328664148aa1c3ddb2ae637b89b7b9f987a158dd4d6190d4d8c2801e5e1d329419400fbed28a63e14e473f9a36d69b09ddca80795708543649af

Download Submit
C:\Windows\uninstal.bat

Filesize
218B

MD5
f85552b6c595282d26e3e22fb636ef17

SHA1
db51dd2834f93c2ee184a6a46d9d477153a72f3d

SHA256
2780d6f373656f3c3ba801964da89f480e726436e642942b311c44a641040eef

SHA512
5b459f9bef98b6740806021c9373cb2a54eb8c835a08ccfa826dded3b3f14d9623e527bea3c03e1d17453c03c9a48ab5212de304ae27d5dc0ad5a78c7818afd1

Download Submit
memory/1096-0-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1096-6-0x0000000002220000-0x0000000002221000-memory.dmp

Filesize
4KB

Download
memory/1096-5-0x0000000002290000-0x0000000002293000-memory.dmp

Filesize
12KB

Download
memory/1096-4-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/1096-3-0x0000000000770000-0x0000000000771000-memory.dmp

Filesize
4KB

Download
memory/1096-2-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/1096-1-0x00000000021A0000-0x00000000021E3000-memory.dmp

Filesize
268KB

Download
memory/1096-45-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/1096-44-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/1096-43-0x0000000002840000-0x0000000002841000-memory.dmp

Filesize
4KB

Download
memory/1096-42-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/1096-41-0x00000000026C0000-0x00000000026C1000-memory.dmp

Filesize
4KB

Download
memory/1096-40-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/1096-39-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/1096-38-0x00000000026B0000-0x00000000026B1000-memory.dmp

Filesize
4KB

Download
memory/1096-37-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/1096-36-0x0000000002690000-0x0000000002691000-memory.dmp

Filesize
4KB

Download
memory/1096-35-0x0000000002650000-0x0000000002651000-memory.dmp

Filesize
4KB

Download
memory/1096-34-0x0000000002660000-0x0000000002661000-memory.dmp

Filesize
4KB

Download
memory/1096-33-0x0000000002630000-0x0000000002631000-memory.dmp

Filesize
4KB

Download
memory/1096-32-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download
memory/1096-31-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/1096-30-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/1096-29-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/1096-28-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/1096-27-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/1096-26-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/1096-25-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/1096-24-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/1096-23-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/1096-22-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/1096-21-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/1096-20-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/1096-19-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/1096-18-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/1096-17-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/1096-16-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/1096-15-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/1096-14-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/1096-13-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/1096-12-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/1096-11-0x00000000022B0000-0x00000000022B1000-memory.dmp

Filesize
4KB

Download
memory/1096-10-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/1096-9-0x0000000002250000-0x0000000002251000-memory.dmp

Filesize
4KB

Download
memory/1096-8-0x00000000022A0000-0x00000000022A1000-memory.dmp

Filesize
4KB

Download
memory/1096-7-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/1096-84-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/1096-83-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

Filesize
4KB

Download
memory/1096-82-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/1096-81-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/1096-80-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download
memory/1096-79-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

Filesize
4KB

Download
memory/1096-78-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/1096-77-0x0000000002D80000-0x0000000002D81000-memory.dmp

Filesize
4KB

Download
memory/1096-76-0x0000000002D50000-0x0000000002D51000-memory.dmp

Filesize
4KB

Download
memory/1096-75-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/1096-74-0x0000000002D30000-0x0000000002D31000-memory.dmp

Filesize
4KB

Download
memory/1096-73-0x0000000002D40000-0x0000000002D41000-memory.dmp

Filesize
4KB

Download
memory/1096-72-0x0000000002D10000-0x0000000002D11000-memory.dmp

Filesize
4KB

Download
memory/1096-71-0x0000000002D20000-0x0000000002D21000-memory.dmp

Filesize
4KB

Download
memory/1096-70-0x0000000002CF0000-0x0000000002CF1000-memory.dmp

Filesize
4KB

Download
memory/1096-69-0x0000000002D00000-0x0000000002D01000-memory.dmp

Filesize
4KB

Download
memory/1096-68-0x0000000002CD0000-0x0000000002CD1000-memory.dmp

Filesize
4KB

Download
memory/1096-67-0x0000000002CE0000-0x0000000002CE1000-memory.dmp

Filesize
4KB

Download
memory/1096-66-0x0000000002CB0000-0x0000000002CB1000-memory.dmp

Filesize
4KB

Download
memory/1096-65-0x0000000002CC0000-0x0000000002CC1000-memory.dmp

Filesize
4KB

Download
memory/1096-64-0x0000000002C90000-0x0000000002C91000-memory.dmp

Filesize
4KB

Download
memory/1096-63-0x0000000002CA0000-0x0000000002CA1000-memory.dmp

Filesize
4KB

Download
memory/1096-62-0x0000000002C70000-0x0000000002C71000-memory.dmp

Filesize
4KB

Download
memory/1096-61-0x0000000002C80000-0x0000000002C81000-memory.dmp

Filesize
4KB

Download
memory/1096-60-0x0000000002910000-0x0000000002911000-memory.dmp

Filesize
4KB

Download
memory/1096-59-0x0000000002920000-0x0000000002921000-memory.dmp

Filesize
4KB

Download
memory/1096-58-0x00000000028F0000-0x00000000028F1000-memory.dmp

Filesize
4KB

Download
memory/1096-57-0x0000000002900000-0x0000000002901000-memory.dmp

Filesize
4KB

Download
memory/1096-56-0x00000000028D0000-0x00000000028D1000-memory.dmp

Filesize
4KB

Download
memory/1096-55-0x00000000028E0000-0x00000000028E1000-memory.dmp

Filesize
4KB

Download
memory/1096-54-0x00000000028B0000-0x00000000028B1000-memory.dmp

Filesize
4KB

Download
memory/1096-53-0x00000000028C0000-0x00000000028C1000-memory.dmp

Filesize
4KB

Download
memory/1096-52-0x0000000002890000-0x0000000002891000-memory.dmp

Filesize
4KB

Download
memory/1096-51-0x00000000028A0000-0x00000000028A1000-memory.dmp

Filesize
4KB

Download
memory/1096-50-0x0000000002870000-0x0000000002871000-memory.dmp

Filesize
4KB

Download
memory/1096-49-0x0000000002880000-0x0000000002881000-memory.dmp

Filesize
4KB

Download
memory/1096-48-0x0000000002830000-0x0000000002831000-memory.dmp

Filesize
4KB

Download
memory/1096-85-0x0000000002E00000-0x0000000002E01000-memory.dmp

Filesize
4KB

Download
memory/1096-86-0x0000000002DF0000-0x0000000002DF1000-memory.dmp

Filesize
4KB

Download
memory/1096-91-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1096-96-0x00000000021A0000-0x00000000021E3000-memory.dmp

Filesize
268KB

Download
memory/1096-95-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1176-89-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1176-90-0x0000000000D30000-0x0000000000D73000-memory.dmp

Filesize
268KB

Download
memory/1176-98-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/1176-100-0x0000000000D30000-0x0000000000D73000-memory.dmp

Filesize
268KB

Download