29f4d85fdf6bdab8bc7c6dcfff5ee8f7faabe52cb4907ae6a969a961ced10f09

Analysis

max time kernel
150s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3164d3a94c2b64d4498723b238378465_JaffaCakes118.exe
Size

2.0MB
MD5

3164d3a94c2b64d4498723b238378465
SHA1

bfe0fef19c8cd193f68a246a24f9e30b6042f876
SHA256

29f4d85fdf6bdab8bc7c6dcfff5ee8f7faabe52cb4907ae6a969a961ced10f09
SHA512

912111c9ef33eb855196540f875d80b1dc3c40c77f289bbd97b5bfceebe55672a259d83ffb428a4829353c58ab384d29d2acaa52fedf5fcca4761a89509e9f76
SSDEEP

24576:VS4ANiglleQrUJTpvOYwP3GeboM6IumH0S4NvlJ/qCGf+XbT0dl0OpbO5:VNQrULKPGeb0/mqlemX8Gs8

Score

8^/10

upx

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\drivers\kiss.she	3164d3a94c2b64d4498723b238378465_JaffaCakes118.exe

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x00080000000234df-30.dat	acprotect

Loads dropped DLL 1 IoCs

pid	Process
4180	3164d3a94c2b64d4498723b238378465_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x00080000000234df-30.dat	upx
behavioral2/memory/4180-33-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4180-52-0x0000000010000000-0x000000001003D000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4180	3164d3a94c2b64d4498723b238378465_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4180	3164d3a94c2b64d4498723b238378465_JaffaCakes118.exe
4180	3164d3a94c2b64d4498723b238378465_JaffaCakes118.exe
4180	3164d3a94c2b64d4498723b238378465_JaffaCakes118.exe
4180	3164d3a94c2b64d4498723b238378465_JaffaCakes118.exe
4180	3164d3a94c2b64d4498723b238378465_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3164d3a94c2b64d4498723b238378465_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3164d3a94c2b64d4498723b238378465_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\SkinH_EL.dll

Filesize
86KB

MD5
147127382e001f495d1842ee7a9e7912

SHA1
92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

SHA256
edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

SHA512
97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\e57ddd3.tmp

Filesize
1.6MB

MD5
4f3387277ccbd6d1f21ac5c07fe4ca68

SHA1
e16506f662dc92023bf82def1d621497c8ab5890

SHA256
767a3fc4a7a6818cdc3f0b99aaa95db694f6bcde719d2057a88b3d4df3d74fac

SHA512
9da199ac69e3c0d4e0c6307e0ab8178f12cc25cb2f14c3511f6b64e6e60a925c860f3263cb38353a97b55a71ef4d27f8cb7fa3cfc08e7c1a349fd8d209dfa219

Download Submit
C:\Users\Admin\AppData\Local\Temp\e57ddf3.tmp

Filesize
1.6MB

MD5
5870ea0d6ba8dd6e2008466bdd00e0f4

SHA1
d41bf60d0dedff90e3cfc1b41b7e1a73df39a7d5

SHA256
5a7dac8c8b5d7cf1115246dfaf994e7f50e16a7eac1488642396f5e23fddfe0d

SHA512
0c620d5e7383adcf979feccc3b1bad584a5cec8b3d74d0ace8bb786f1f04ba87fa70d59d041dc3833977d44a75f2070181d4054c7c0b9c4ce2d66249b4b3c837

Download Submit
C:\Users\Admin\AppData\Local\Temp\e57ddf4.tmp

Filesize
137KB

MD5
f6b847a54cfb804a25b8842b45fd1d50

SHA1
bb22fef07ce1577c8a7fa057d8cf05502c013bfc

SHA256
5dd2f5a957946e0b6f63660ebd897851aad4795d4c847396c47ddbb647715583

SHA512
dd08a55f538e2a33e6a0c496dc97ae9045594cbbf62f7894ae8ded63f4dc0b2e89c5935269adfd1c19607b1d2474bddc49f6acb955e6dc53a55560663ca2137a

Download Submit
memory/4180-37-0x0000000000400000-0x0000000000624000-memory.dmp

Filesize
2.1MB

Download
memory/4180-33-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4180-29-0x000000000040F000-0x0000000000410000-memory.dmp

Filesize
4KB

Download
memory/4180-36-0x0000000000400000-0x0000000000624000-memory.dmp

Filesize
2.1MB

Download
memory/4180-38-0x0000000000400000-0x0000000000624000-memory.dmp

Filesize
2.1MB

Download
memory/4180-39-0x0000000000400000-0x0000000000624000-memory.dmp

Filesize
2.1MB

Download
memory/4180-40-0x0000000000400000-0x0000000000624000-memory.dmp

Filesize
2.1MB

Download
memory/4180-52-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4180-54-0x0000000000400000-0x0000000000624000-memory.dmp

Filesize
2.1MB

Download