1194e609e8c9288627e556b94b288fdc9e90f2c7e40b276c27b8b2e78dcfca1d

Analysis

max time kernel
93s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 12:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

41af168c10c339e494259c096d8cb51c_JaffaCakes118.exe
Size

744KB
MD5

41af168c10c339e494259c096d8cb51c
SHA1

8a1b51072d218e3a1b224f803b66ac14cd12b283
SHA256

1194e609e8c9288627e556b94b288fdc9e90f2c7e40b276c27b8b2e78dcfca1d
SHA512

838a96db9f68c3d80f290322ff7885d519a013c90a5f76be6560875c23215a11917634170028a69da52b80a5fd7d115fdbaf01878dbd9a836bae8ad94322583a
SSDEEP

12288:slx/IoKmPHa/ItjA3LS5MH8ByqFpy2anwWhYuQ2gjn8tWojb7igL5DnznyB:slxmPIt83G5McMqfu32uQ2BWkPEB

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
796	windows.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\windows.exe	41af168c10c339e494259c096d8cb51c_JaffaCakes118.exe
File opened for modification	C:\Windows\windows.exe	41af168c10c339e494259c096d8cb51c_JaffaCakes118.exe
File created	C:\Windows\uninstal.bat	41af168c10c339e494259c096d8cb51c_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4756	796	WerFault.exe	86

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3308	41af168c10c339e494259c096d8cb51c_JaffaCakes118.exe
Token: SeDebugPrivilege	796	windows.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
796	windows.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 3308 wrote to memory of 4232	3308	41af168c10c339e494259c096d8cb51c_JaffaCakes118.exe	88
PID 3308 wrote to memory of 4232	3308	41af168c10c339e494259c096d8cb51c_JaffaCakes118.exe	88
PID 3308 wrote to memory of 4232	3308	41af168c10c339e494259c096d8cb51c_JaffaCakes118.exe	88
PID 796 wrote to memory of 4740	796	windows.exe	87
PID 796 wrote to memory of 4740	796	windows.exe	87

C:\Users\Admin\AppData\Local\Temp\41af168c10c339e494259c096d8cb51c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\41af168c10c339e494259c096d8cb51c_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3308
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.bat
  2⤵
  PID:4232

C:\Windows\windows.exe
C:\Windows\windows.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:796
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:4740
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 700
  2⤵
  - Program crash
  PID:4756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 796 -ip 796
1⤵
PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\uninstal.bat

Filesize
218B

MD5
3b8f60c1106d1c7ea1b707baec6cbae0

SHA1
45ca2c157be7052f3c114a5b62b2582a2bf22465

SHA256
267eac1eb63295f4725c04d1b8430ea317559fff78520d26072ba33be598e320

SHA512
9df5eb099ba6090c7e74489637aec1c415d902a64aec485dae66383748712934c437b7fb0072aaeb9fa612866b241968a4e3e63c3e1e8ea3c1e38c4cf8bca268

Download Submit
C:\Windows\windows.exe

Filesize
744KB

MD5
41af168c10c339e494259c096d8cb51c

SHA1
8a1b51072d218e3a1b224f803b66ac14cd12b283

SHA256
1194e609e8c9288627e556b94b288fdc9e90f2c7e40b276c27b8b2e78dcfca1d

SHA512
838a96db9f68c3d80f290322ff7885d519a013c90a5f76be6560875c23215a11917634170028a69da52b80a5fd7d115fdbaf01878dbd9a836bae8ad94322583a

Download Submit
memory/796-29-0x0000000000EA0000-0x0000000000EA1000-memory.dmp

Filesize
4KB

Download
memory/796-30-0x0000000000EE0000-0x0000000000EE1000-memory.dmp

Filesize
4KB

Download
memory/796-42-0x0000000000FC0000-0x0000000000FC1000-memory.dmp

Filesize
4KB

Download
memory/796-35-0x0000000001200000-0x0000000001201000-memory.dmp

Filesize
4KB

Download
memory/796-36-0x0000000003230000-0x0000000003231000-memory.dmp

Filesize
4KB

Download
memory/796-32-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/796-46-0x0000000000E30000-0x0000000000E6A000-memory.dmp

Filesize
232KB

Download
memory/796-45-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/796-23-0x0000000000E30000-0x0000000000E6A000-memory.dmp

Filesize
232KB

Download
memory/796-24-0x0000000000F00000-0x0000000000F01000-memory.dmp

Filesize
4KB

Download
memory/796-25-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/796-26-0x0000000000EC0000-0x0000000000EC1000-memory.dmp

Filesize
4KB

Download
memory/796-27-0x0000000000E70000-0x0000000000E71000-memory.dmp

Filesize
4KB

Download
memory/796-22-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/3308-9-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/3308-28-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/3308-16-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/3308-17-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/3308-13-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/3308-14-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download
memory/3308-12-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/3308-11-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/3308-0-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/3308-10-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/3308-2-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/3308-15-0x00000000047A0000-0x00000000047A1000-memory.dmp

Filesize
4KB

Download
memory/3308-3-0x0000000002250000-0x0000000002251000-memory.dmp

Filesize
4KB

Download
memory/3308-31-0x0000000002290000-0x00000000022CA000-memory.dmp

Filesize
232KB

Download
memory/3308-40-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/3308-39-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/3308-38-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/3308-37-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/3308-4-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/3308-5-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/3308-6-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/3308-7-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/3308-8-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/3308-1-0x0000000002290000-0x00000000022CA000-memory.dmp

Filesize
232KB

Download