62b9848f9eb468669b45b9f8daf1d2a6e89e279e7f7265c923ca4ce04f6e03cb

Analysis

max time kernel
144s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 20:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

261736c56c3947ccedc5e375b676b958_JaffaCakes118.exe
Size

876KB
MD5

261736c56c3947ccedc5e375b676b958
SHA1

9c4051e84983495ad136525222f82590a8d6b046
SHA256

62b9848f9eb468669b45b9f8daf1d2a6e89e279e7f7265c923ca4ce04f6e03cb
SHA512

1ff784ad21a9f31278ccc6fe17098b39264a15454bbbd28674786085c2ef196c6e3a87e1ba6a1f3cde198ba7e20f41845b613cfebc06db652613163fec506f50
SSDEEP

12288:+LfrxBM+Mkm3TJMpJJgFc+vM7uF3Z4mxx+KnL+0K63IfvLfrxBM+Mkm3TJMpJJgR:l3MIc+vM6QmX/l3sk3MIc+vMe

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1660	Hacker.com.cn.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\Hacker.com.cn.exe	261736c56c3947ccedc5e375b676b958_JaffaCakes118.exe
File opened for modification	C:\Windows\Hacker.com.cn.exe	261736c56c3947ccedc5e375b676b958_JaffaCakes118.exe
File created	C:\Windows\uninstal.bat	261736c56c3947ccedc5e375b676b958_JaffaCakes118.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	Hacker.com.cn.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	Hacker.com.cn.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	Hacker.com.cn.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	Hacker.com.cn.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	Hacker.com.cn.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4928	261736c56c3947ccedc5e375b676b958_JaffaCakes118.exe
Token: SeDebugPrivilege	1660	Hacker.com.cn.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1660	Hacker.com.cn.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 2612	1660	Hacker.com.cn.exe	84
PID 1660 wrote to memory of 2612	1660	Hacker.com.cn.exe	84
PID 4928 wrote to memory of 2700	4928	261736c56c3947ccedc5e375b676b958_JaffaCakes118.exe	85
PID 4928 wrote to memory of 2700	4928	261736c56c3947ccedc5e375b676b958_JaffaCakes118.exe	85
PID 4928 wrote to memory of 2700	4928	261736c56c3947ccedc5e375b676b958_JaffaCakes118.exe	85

C:\Users\Admin\AppData\Local\Temp\261736c56c3947ccedc5e375b676b958_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\261736c56c3947ccedc5e375b676b958_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.bat
  2⤵
  PID:2700

C:\Windows\Hacker.com.cn.exe
C:\Windows\Hacker.com.cn.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Hacker.com.cn.exe

Filesize
876KB

MD5
261736c56c3947ccedc5e375b676b958

SHA1
9c4051e84983495ad136525222f82590a8d6b046

SHA256
62b9848f9eb468669b45b9f8daf1d2a6e89e279e7f7265c923ca4ce04f6e03cb

SHA512
1ff784ad21a9f31278ccc6fe17098b39264a15454bbbd28674786085c2ef196c6e3a87e1ba6a1f3cde198ba7e20f41845b613cfebc06db652613163fec506f50

Download Submit
C:\Windows\uninstal.bat

Filesize
218B

MD5
48376054a18caafe119bb48ac8bdee81

SHA1
7f03fb4fb039ff54814d9a489bdf9e91b8f30f85

SHA256
ac2655c74d9dff0b2b448ec63c67c594b65108fdd9ca6ee5fada487afa7a847d

SHA512
1ee3732aa7eedc94b559e87c1f35763158efa83a9388d2d8cb346b33ab6fda01109eae69783f29adfab78698799f24cc21c577f4536f4486de87e38d0e68f295

Download Submit
memory/1660-82-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/1660-83-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/1660-90-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/1660-94-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/4928-45-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-40-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-10-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/4928-76-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-75-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-74-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-73-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-77-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/4928-6-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download
memory/4928-71-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-72-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-70-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-69-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-68-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-67-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-66-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-43-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-64-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-63-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-62-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-61-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-60-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-59-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-58-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-41-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-56-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-55-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-54-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-53-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-52-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-51-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-50-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-49-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-48-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-46-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-47-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-1-0x0000000000A20000-0x0000000000A74000-memory.dmp

Filesize
336KB

Download
memory/4928-44-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-65-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-3-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/4928-57-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-42-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-39-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-38-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-37-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-35-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-36-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-34-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-33-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-32-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-31-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-30-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-29-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-28-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-27-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-26-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-25-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-24-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-23-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-22-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-21-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-20-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-19-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-18-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/4928-17-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/4928-16-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/4928-15-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/4928-14-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/4928-13-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/4928-12-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/4928-11-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/4928-9-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/4928-8-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4928-7-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4928-4-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/4928-5-0x00000000023D0000-0x00000000023D1000-memory.dmp

Filesize
4KB

Download
memory/4928-2-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/4928-0-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/4928-87-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/4928-88-0x0000000000A20000-0x0000000000A74000-memory.dmp

Filesize
336KB

Download