6869d105e26770dd2cf3df2f6dc1e86e36a5f0cc40166d67f80bdaace079a119

Analysis

max time kernel
140s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25b8b7a6ede975d4ca5b893da5d3a79c_JaffaCakes118.exe
Size

50KB
MD5

25b8b7a6ede975d4ca5b893da5d3a79c
SHA1

f2a78aaf7003e8578ed9597dbdb4a2ee6a533791
SHA256

6869d105e26770dd2cf3df2f6dc1e86e36a5f0cc40166d67f80bdaace079a119
SHA512

64473d9f7e94028648d07542abfdbc940f8222a039859b02ca0b66e17700942f56833686e7854d2376caac6f59a6d1c586c5cef4c421c4ef264b1690791a3211
SSDEEP

1536:oIyq3dzVsTbW1+yMGveGOmxzgAAkMvO8:oIEbfq8mxz3lMv

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4804	smss.exe

Loads dropped DLL 2 IoCs

pid	Process
4532	25b8b7a6ede975d4ca5b893da5d3a79c_JaffaCakes118.exe
4532	25b8b7a6ede975d4ca5b893da5d3a79c_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ou7sound.dll	25b8b7a6ede975d4ca5b893da5d3a79c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\delmeml.bat	25b8b7a6ede975d4ca5b893da5d3a79c_JaffaCakes118.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\smss.exe	25b8b7a6ede975d4ca5b893da5d3a79c_JaffaCakes118.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
4532	25b8b7a6ede975d4ca5b893da5d3a79c_JaffaCakes118.exe
652	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeLoadDriverPrivilege	4532	25b8b7a6ede975d4ca5b893da5d3a79c_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4532 wrote to memory of 3644	4532	25b8b7a6ede975d4ca5b893da5d3a79c_JaffaCakes118.exe	81
PID 4532 wrote to memory of 3644	4532	25b8b7a6ede975d4ca5b893da5d3a79c_JaffaCakes118.exe	81
PID 4532 wrote to memory of 3644	4532	25b8b7a6ede975d4ca5b893da5d3a79c_JaffaCakes118.exe	81

C:\Users\Admin\AppData\Local\Temp\25b8b7a6ede975d4ca5b893da5d3a79c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\25b8b7a6ede975d4ca5b893da5d3a79c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4532
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c delmeml.bat
  2⤵
  PID:3644

C:\Windows\smss.exe
C:\Windows\smss.exe
1⤵
- Executes dropped EXE
PID:4804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\delmeml.bat

Filesize
306B

MD5
b3fd382476c9a1be0694be61a920873b

SHA1
7bf1c4997be0a11794ae0920a4705d3ea74e85fd

SHA256
d0084cfcbf0222a165eaa74ce8fc968318b67a51dd758fec8c4811d1b9b48cf7

SHA512
540a330611f34f8880a0a4143503ffde71d6f7cb08103412025edf56976caca2e2ea194f90042a2ad6f5aa7046b57ea3eaa082dde237ed419e825af45a5bfaf2

Download Submit
C:\Windows\SysWOW64\ou7sound.dll

Filesize
65KB

MD5
7092bbfd2a3dd39250e2a6ce488a1ad4

SHA1
03019cb62306e9914d58af620ab37a5f8ef6c5fd

SHA256
90ed9311e73afbbdd6fc360903360eebb5840439fc0447e2726556ad159ccc3a

SHA512
f42e51677bc8d25fcf4979a6e9cd05600c46b82e39800db553d0c97eac7a7facf83ab5f21bf15375a24db66efea27fb63a530db718d0329e22e48e49898becd2

Download Submit
C:\Windows\smss.exe

Filesize
34KB

MD5
ae67f7d7742ed5a1a9eeb768652637c7

SHA1
bc2c89fadb76fdaf723d68ff5d2b369eceace801

SHA256
3ab5d431c9d2e1f52ab8c027f55e4106c6cbcce6bdde0eacd7199760a5e5b8af

SHA512
f3e10e585bb0e56c389e223332ae7741deae68a01b79316c67b5502aa0e0d74568a5b757741a1a657302d99c00ccfc378a9c6cd9b4f9f30c4f0d5bdf512cce5a

Download Submit
memory/4532-0-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4532-1-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4532-2-0x0000000002040000-0x0000000002041000-memory.dmp

Filesize
4KB

Download
memory/4532-7-0x0000000002040000-0x0000000002071000-memory.dmp

Filesize
196KB

Download
memory/4532-14-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4804-18-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4804-17-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4804-16-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4804-19-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4804-20-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4804-21-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4804-22-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4804-23-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4804-24-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4804-25-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4804-27-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4804-28-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4804-29-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download