68abde9904a0d248456ca7644feb157878d428be22f1fe3b8d0f91bc5f31354d

Analysis

max time kernel
1s
max time network
0s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 06:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44baf5bf658ee980f2f91a520af57746_JaffaCakes118.exe
Size

614KB
MD5

44baf5bf658ee980f2f91a520af57746
SHA1

948a21f1de5fa1f623a23d88ebe8ea9356e2e6e4
SHA256

68abde9904a0d248456ca7644feb157878d428be22f1fe3b8d0f91bc5f31354d
SHA512

8c8d746dcd1982d89ab7590c6191816fbed14192cb9252a4b575819a493cb738653d18b1c31f9f8c8f5010aea11f8540dd30f34e479cef24a840a8d5a601ef10
SSDEEP

12288:EXcTdgxNGaIN6hStgj4wFYGq6+wnj13vBQ/iOR/8L5wMHn374:NduNJIIgLEYyFj13vBoEVwMHk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2672-639-0x0000000000400000-0x000000000045A000-memory.dmp	upx
behavioral1/memory/2672-645-0x0000000000400000-0x000000000045A000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
284	timeout.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2084	44baf5bf658ee980f2f91a520af57746_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2084	44baf5bf658ee980f2f91a520af57746_JaffaCakes118.exe
Token: 33	2084	44baf5bf658ee980f2f91a520af57746_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	2084	44baf5bf658ee980f2f91a520af57746_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\44baf5bf658ee980f2f91a520af57746_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\44baf5bf658ee980f2f91a520af57746_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2084
- C:\Users\Admin\AppData\Local\Xenocode\Sandbox\Project1\1.00\1432.05.03T16.34\Virtual\STUBEXE\@APPDATALOCAL@\Temp\ocx33.exe
  "C:\Users\Admin\AppData\Local\Temp\ocx33.exe"
  2⤵
  PID:3000
- - C:\Users\Admin\AppData\Local\Xenocode\Sandbox\Project1\1.00\1432.05.03T16.34\Virtual\STUBEXE\@APPDATALOCAL@\Temp\ocx33.exe
    "C:\Users\Admin\AppData\Local\Temp\ocx33.exe"
    3⤵
    PID:2516
- - C:\Users\Admin\AppData\Local\Xenocode\Sandbox\Project1\1.00\1432.05.03T16.34\Virtual\STUBEXE\@APPDATALOCAL@\Temp\ocx33.exe
    "C:\Users\Admin\AppData\Local\Temp\ocx33.exe"
    3⤵
    PID:2672
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\ocx33.exe
      4⤵
      PID:1508
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout 5
        5⤵
        Delays execution with timeout.exe
        
        PID:284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Xenocode\Sandbox\Project1\1.00\1432.05.03T16.34\Virtual\STUBEXE\@APPDATALOCAL@\Temp\ocx33.exe

Filesize
17KB

MD5
d8e122a778026a5bb298ce78a6b4ae47

SHA1
22a6d92a298738883d5ee76ef0f5148bea7fb654

SHA256
806cb9820f2ad756cfd147623b0f0c389b35b015d62e4a655d1662c06638cfff

SHA512
5af62c6a09db3b22cc823b621ef6a5feefe00d2fdb848b60f538647c6b01a5f493c74bb9251be42a475496a9d77bf4faee9590050a12172dadb8e9382745c486

Download Submit
memory/2084-37-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-35-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-33-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-31-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-29-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-27-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-25-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-23-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-21-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-19-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-17-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-15-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-13-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-11-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-9-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-7-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-5-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-3-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-1-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-0-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-55-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-86-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-105-0x0000000077020000-0x0000000077021000-memory.dmp

Filesize
4KB

Download
memory/2084-121-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-137-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-155-0x0000000077020000-0x0000000077021000-memory.dmp

Filesize
4KB

Download
memory/2084-186-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-205-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-41-0x0000000077020000-0x0000000077021000-memory.dmp

Filesize
4KB

Download
memory/2084-40-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-317-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-316-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-312-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-296-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-284-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-269-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-252-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-235-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-219-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-197-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-196-0x0000000077020000-0x0000000077021000-memory.dmp

Filesize
4KB

Download
memory/2084-195-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-170-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-153-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-103-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-66-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-65-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-63-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-61-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-59-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-57-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-53-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-51-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-49-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-47-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-45-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2084-640-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/2672-639-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2672-645-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download