523852f094ce7f49d79df95748fd116ba6bedc2b6689be4794fbe825f222439d

Analysis

max time kernel
134s
max time network
134s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 02:31

Target

3bac28ad35f20ecad0ebd0ac283c3f9c_JaffaCakes118.exe
Size

317KB
MD5

3bac28ad35f20ecad0ebd0ac283c3f9c
SHA1

e86ea6377b7aadaf7bc5cf5e00583d5c0165b733
SHA256

523852f094ce7f49d79df95748fd116ba6bedc2b6689be4794fbe825f222439d
SHA512

1bac4c9628b83ac4d925533b1df693e609242f0949441433a4e8e352c32d5e7ec8f945cec1389a74711ccf455a4bd72324830fabc53c6477b7da61661153ffff
SSDEEP

6144:5enacJMR1jTdBSnjuw+ILEK58zyhcMdqUcUSYdbGxnF:5eojTijuS0yhcx5AG

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2356	svfr.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Windows Media Player\svfr.exe	3bac28ad35f20ecad0ebd0ac283c3f9c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\svfr.exe	3bac28ad35f20ecad0ebd0ac283c3f9c_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2496	3bac28ad35f20ecad0ebd0ac283c3f9c_JaffaCakes118.exe
Token: SeDebugPrivilege	2356	svfr.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2356	svfr.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2112	2356	svfr.exe	31
PID 2356 wrote to memory of 2112	2356	svfr.exe	31
PID 2356 wrote to memory of 2112	2356	svfr.exe	31
PID 2356 wrote to memory of 2112	2356	svfr.exe	31

C:\Program Files (x86)\Windows Media Player\svfr.exe
"C:\Program Files (x86)\Windows Media Player\svfr.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:2112

C:\Program Files (x86)\Windows Media Player\svfr.exe

Filesize
317KB

MD5
3bac28ad35f20ecad0ebd0ac283c3f9c

SHA1
e86ea6377b7aadaf7bc5cf5e00583d5c0165b733

SHA256
523852f094ce7f49d79df95748fd116ba6bedc2b6689be4794fbe825f222439d

SHA512
1bac4c9628b83ac4d925533b1df693e609242f0949441433a4e8e352c32d5e7ec8f945cec1389a74711ccf455a4bd72324830fabc53c6477b7da61661153ffff

Download Submit
memory/2356-10-0x0000000000400000-0x0000000000512A9E-memory.dmp

Filesize
1.1MB

Download
memory/2356-11-0x0000000000400000-0x0000000000512A9E-memory.dmp

Filesize
1.1MB

Download
memory/2356-12-0x0000000000400000-0x0000000000512A9E-memory.dmp

Filesize
1.1MB

Download
memory/2356-14-0x0000000000400000-0x0000000000512A9E-memory.dmp

Filesize
1.1MB

Download
memory/2496-0-0x0000000000400000-0x0000000000512A9E-memory.dmp

Filesize
1.1MB

Download
memory/2496-3-0x0000000000400000-0x0000000000512A9E-memory.dmp

Filesize
1.1MB

Download
memory/2496-2-0x0000000000510000-0x0000000000512000-memory.dmp

Filesize
8KB

Download
memory/2496-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2496-6-0x0000000000400000-0x0000000000512A9E-memory.dmp

Filesize
1.1MB

Download
memory/2496-7-0x0000000000400000-0x0000000000512A9E-memory.dmp

Filesize
1.1MB

Download