bc565b1b5e09c201e9b92341cc73da4771c4f7cb127cf094b98d1ae5554cf2a8

Analysis

max time kernel
14s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 23:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4733fbbe363526c1bf02bb7c731c3ebf_JaffaCakes118.exe
Size

328KB
MD5

4733fbbe363526c1bf02bb7c731c3ebf
SHA1

927048ddd04484d0ca8dba3d32b159c4de64c6f7
SHA256

bc565b1b5e09c201e9b92341cc73da4771c4f7cb127cf094b98d1ae5554cf2a8
SHA512

2cfdeb0d6b28a32f07bf8666d444debc3b23b23591c534f78f4398d8732d505955c6b4c6aaae0c7043bc0c89764edec274418614144395d3526018918daa05d2
SSDEEP

6144:mwtV9F2idZecnl20lHRxp3gQqjHOyfR1yOxPGzjjTrwv54Zda5l3NAEIlKGOu7:mwbHF3Z4mxxf4HOcZ9GD6gajN9OD7

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\svchost.exe	4733fbbe363526c1bf02bb7c731c3ebf_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\svchost.exe	4733fbbe363526c1bf02bb7c731c3ebf_JaffaCakes118.exe

Deletes itself 1 IoCs

pid	Process
2820	cmd.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\update.bak	4733fbbe363526c1bf02bb7c731c3ebf_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeRestorePrivilege	2328	4733fbbe363526c1bf02bb7c731c3ebf_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 2820	2328	4733fbbe363526c1bf02bb7c731c3ebf_JaffaCakes118.exe	30
PID 2328 wrote to memory of 2820	2328	4733fbbe363526c1bf02bb7c731c3ebf_JaffaCakes118.exe	30
PID 2328 wrote to memory of 2820	2328	4733fbbe363526c1bf02bb7c731c3ebf_JaffaCakes118.exe	30
PID 2328 wrote to memory of 2820	2328	4733fbbe363526c1bf02bb7c731c3ebf_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\4733fbbe363526c1bf02bb7c731c3ebf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4733fbbe363526c1bf02bb7c731c3ebf_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Windows\SysWOW64\cmd.exe
  cmd /c afc9fe2f418b00a0.bat
  2⤵
  - Deletes itself
  PID:2820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\afc9fe2f418b00a0.bat

Filesize
2KB

MD5
942b91b1fcd89c804116bc39665c5b45

SHA1
4c285c4154a2fc425410e0cdfa9a4e99c438b7a4

SHA256
75e0ab74331471ed57e2072b71fa9c322a70155ed05ba9586603720826e860fa

SHA512
3b4c37620457fd2646be0676692ac3042d84320d024e91327a3ef7ad3d11e0cf803078db0967266fc60ccbf30b7ce310a45538826ae2e6f596f4aad703647e7d

Download Submit
memory/2328-8-0x00000000008C0000-0x00000000008C1000-memory.dmp

Filesize
4KB

Download
memory/2328-7-0x00000000008D0000-0x00000000008D1000-memory.dmp

Filesize
4KB

Download
memory/2328-15-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2328-0-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2328-13-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2328-12-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2328-11-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2328-10-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2328-16-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2328-9-0x00000000008F0000-0x00000000008F1000-memory.dmp

Filesize
4KB

Download
memory/2328-14-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/2328-6-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/2328-5-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/2328-4-0x00000000008E0000-0x00000000008E1000-memory.dmp

Filesize
4KB

Download
memory/2328-3-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/2328-2-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/2328-1-0x0000000000280000-0x00000000002D4000-memory.dmp

Filesize
336KB

Download
memory/2328-31-0x0000000000280000-0x00000000002D4000-memory.dmp

Filesize
336KB

Download
memory/2328-30-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download