dd88da64e4b359e0122845d51c814d073314ea3f865c2748abdf6b434ecd5713

Analysis

max time kernel
142s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 14:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4226614f7b647980b7fe2a9cc4a0f1d1_JaffaCakes118.exe
Size

632KB
MD5

4226614f7b647980b7fe2a9cc4a0f1d1
SHA1

e393149b8e0e9dbded5c193e986ab1b6a732090d
SHA256

dd88da64e4b359e0122845d51c814d073314ea3f865c2748abdf6b434ecd5713
SHA512

655ed22c2dfc7bdd36228573e2937ea57ce4c7e8e53d55b70513baffa41230e8071a4623751aa007ee33c0d14a58ad9b3cfeb61eab40712a46f3287c4ef120dd
SSDEEP

12288:KkntGMiyen5r+HeTTn8F3Z4mxxm0MHoTAFbLlDx:KCGMXengHy8QmXmKaDx

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3808	cat.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\cat.exe	4226614f7b647980b7fe2a9cc4a0f1d1_JaffaCakes118.exe
File opened for modification	C:\Windows\cat.exe	4226614f7b647980b7fe2a9cc4a0f1d1_JaffaCakes118.exe
File created	C:\Windows\uninstal.bat	4226614f7b647980b7fe2a9cc4a0f1d1_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1688	4226614f7b647980b7fe2a9cc4a0f1d1_JaffaCakes118.exe
Token: SeDebugPrivilege	3808	cat.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3808	cat.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 3808 wrote to memory of 4908	3808	cat.exe	87
PID 3808 wrote to memory of 4908	3808	cat.exe	87
PID 1688 wrote to memory of 3484	1688	4226614f7b647980b7fe2a9cc4a0f1d1_JaffaCakes118.exe	88
PID 1688 wrote to memory of 3484	1688	4226614f7b647980b7fe2a9cc4a0f1d1_JaffaCakes118.exe	88
PID 1688 wrote to memory of 3484	1688	4226614f7b647980b7fe2a9cc4a0f1d1_JaffaCakes118.exe	88

C:\Users\Admin\AppData\Local\Temp\4226614f7b647980b7fe2a9cc4a0f1d1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4226614f7b647980b7fe2a9cc4a0f1d1_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.bat
  2⤵
  PID:3484

C:\Windows\cat.exe
C:\Windows\cat.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3808
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:4908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\cat.exe

Filesize
632KB

MD5
4226614f7b647980b7fe2a9cc4a0f1d1

SHA1
e393149b8e0e9dbded5c193e986ab1b6a732090d

SHA256
dd88da64e4b359e0122845d51c814d073314ea3f865c2748abdf6b434ecd5713

SHA512
655ed22c2dfc7bdd36228573e2937ea57ce4c7e8e53d55b70513baffa41230e8071a4623751aa007ee33c0d14a58ad9b3cfeb61eab40712a46f3287c4ef120dd

Download Submit
C:\Windows\uninstal.bat

Filesize
218B

MD5
4fed3e6a448a96b27a252eaef13658a0

SHA1
361b7717aa4c48631997244eec4433212bcb7fa1

SHA256
ce7237fd527cb7856db22ae1d02bf0e452025a0f5026597f0eaace402c378b29

SHA512
aedd786fa5fe60f3c5fe4452f987df43596457658b8d61554528248cdbe6c315bce8b8b27b7303fe7a6e59b4ccc71fbe05426879dcc90b47968b5ea255d173e7

Download Submit
memory/1688-6-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/1688-15-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/1688-14-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/1688-13-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/1688-10-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/1688-9-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/1688-8-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/1688-7-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/1688-0-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/1688-5-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/1688-16-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/1688-17-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/1688-2-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/1688-12-0x00000000035C0000-0x00000000035C1000-memory.dmp

Filesize
4KB

Download
memory/1688-11-0x00000000034C0000-0x00000000034C3000-memory.dmp

Filesize
12KB

Download
memory/1688-1-0x0000000002310000-0x0000000002364000-memory.dmp

Filesize
336KB

Download
memory/1688-4-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/1688-25-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/1688-26-0x0000000002310000-0x0000000002364000-memory.dmp

Filesize
336KB

Download
memory/1688-3-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/3808-28-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download