b28d08621ebdeeaaf01bcd16ad1c6d74502ade3be812736abd93363af786f92b

Analysis

max time kernel
142s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 09:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4547a8c15b1813e6d8c3f740a55c267f_JaffaCakes118.exe
Size

448KB
MD5

4547a8c15b1813e6d8c3f740a55c267f
SHA1

9fe2a432695894b62dfe0562fe50509a1892ce60
SHA256

b28d08621ebdeeaaf01bcd16ad1c6d74502ade3be812736abd93363af786f92b
SHA512

385a9b10235d8e6006319ba056a62ebfa2e837938e25bf2ecefc9502a19c64a58160b2f1a963da92960b551ff617f5f14f0a2f1739fe4e128056b606d97225c2
SSDEEP

12288:o18tQncSV1jOMBTKvZA7hoqFLLUeG9YAcEN:o1DnbjymO/qJg9nN

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x000c000000023452-85.dat	aspack_v212_v242

Executes dropped EXE 1 IoCs

pid	Process
1048	EntSver.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\EntSver.exe	4547a8c15b1813e6d8c3f740a55c267f_JaffaCakes118.exe
File opened for modification	C:\Windows\EntSver.exe	4547a8c15b1813e6d8c3f740a55c267f_JaffaCakes118.exe
File created	C:\Windows\GUOCYOKl.BAT	4547a8c15b1813e6d8c3f740a55c267f_JaffaCakes118.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1788	4848	WerFault.exe	82
3232	1048	WerFault.exe	89

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4848	4547a8c15b1813e6d8c3f740a55c267f_JaffaCakes118.exe
Token: SeDebugPrivilege	1048	EntSver.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1048	EntSver.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 4712	1048	EntSver.exe	92
PID 1048 wrote to memory of 4712	1048	EntSver.exe	92
PID 4848 wrote to memory of 756	4848	4547a8c15b1813e6d8c3f740a55c267f_JaffaCakes118.exe	93
PID 4848 wrote to memory of 756	4848	4547a8c15b1813e6d8c3f740a55c267f_JaffaCakes118.exe	93
PID 4848 wrote to memory of 756	4848	4547a8c15b1813e6d8c3f740a55c267f_JaffaCakes118.exe	93

C:\Users\Admin\AppData\Local\Temp\4547a8c15b1813e6d8c3f740a55c267f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4547a8c15b1813e6d8c3f740a55c267f_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 516
  2⤵
  - Program crash
  PID:1788
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\GUOCYOKl.BAT
  2⤵
  PID:756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4848 -ip 4848
1⤵
PID:4376

C:\Windows\EntSver.exe
C:\Windows\EntSver.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 516
  2⤵
  - Program crash
  PID:3232
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:4712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1048 -ip 1048
1⤵
PID:4172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\EntSver.exe

Filesize
448KB

MD5
4547a8c15b1813e6d8c3f740a55c267f

SHA1
9fe2a432695894b62dfe0562fe50509a1892ce60

SHA256
b28d08621ebdeeaaf01bcd16ad1c6d74502ade3be812736abd93363af786f92b

SHA512
385a9b10235d8e6006319ba056a62ebfa2e837938e25bf2ecefc9502a19c64a58160b2f1a963da92960b551ff617f5f14f0a2f1739fe4e128056b606d97225c2

Download Submit
C:\Windows\GUOCYOKl.BAT

Filesize
218B

MD5
35b2c46ec341217ac68a9e2e760c9c04

SHA1
0abf2a1922e421d25111a53adf8e2f9941fec276

SHA256
4537f8fe4acbf6540e2dfe810789567510d480289050a93e20585797baf8530d

SHA512
6729783e3b431518321777d599c07a57128a6229f61241b19b6606d05d1d58390ecbc4f83cf1e384ba1fc83290a2f31570160563ce877b303bebeca35bbf6f38

Download Submit
memory/1048-89-0x00000000009D0000-0x0000000000A13000-memory.dmp

Filesize
268KB

Download
memory/1048-95-0x0000000000400000-0x00000000004F8000-memory.dmp

Filesize
992KB

Download
memory/1048-96-0x0000000000400000-0x00000000004F8000-memory.dmp

Filesize
992KB

Download
memory/1048-101-0x0000000000400000-0x00000000004F8000-memory.dmp

Filesize
992KB

Download
memory/1048-97-0x00000000009D0000-0x0000000000A13000-memory.dmp

Filesize
268KB

Download
memory/4848-5-0x0000000000BF0000-0x0000000000BF1000-memory.dmp

Filesize
4KB

Download
memory/4848-4-0x0000000000BB0000-0x0000000000BB1000-memory.dmp

Filesize
4KB

Download
memory/4848-43-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/4848-42-0x0000000002960000-0x0000000002961000-memory.dmp

Filesize
4KB

Download
memory/4848-41-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/4848-40-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/4848-39-0x00000000027F0000-0x00000000027F1000-memory.dmp

Filesize
4KB

Download
memory/4848-38-0x0000000002800000-0x0000000002801000-memory.dmp

Filesize
4KB

Download
memory/4848-37-0x00000000027D0000-0x00000000027D1000-memory.dmp

Filesize
4KB

Download
memory/4848-36-0x00000000027E0000-0x00000000027E1000-memory.dmp

Filesize
4KB

Download
memory/4848-35-0x00000000027A0000-0x00000000027A1000-memory.dmp

Filesize
4KB

Download
memory/4848-34-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/4848-33-0x0000000002780000-0x0000000002781000-memory.dmp

Filesize
4KB

Download
memory/4848-32-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download
memory/4848-31-0x0000000002760000-0x0000000002761000-memory.dmp

Filesize
4KB

Download
memory/4848-30-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/4848-29-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download
memory/4848-55-0x0000000002A30000-0x0000000002A31000-memory.dmp

Filesize
4KB

Download
memory/4848-27-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/4848-26-0x0000000002630000-0x0000000002631000-memory.dmp

Filesize
4KB

Download
memory/4848-25-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/4848-24-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/4848-23-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/4848-21-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/4848-20-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/4848-19-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/4848-18-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/4848-17-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/4848-16-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/4848-15-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/4848-14-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/4848-13-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/4848-12-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/4848-11-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/4848-10-0x0000000000C10000-0x0000000000C11000-memory.dmp

Filesize
4KB

Download
memory/4848-9-0x0000000000C00000-0x0000000000C01000-memory.dmp

Filesize
4KB

Download
memory/4848-8-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/4848-7-0x0000000000C20000-0x0000000000C21000-memory.dmp

Filesize
4KB

Download
memory/4848-6-0x0000000000C40000-0x0000000000C43000-memory.dmp

Filesize
12KB

Download
memory/4848-45-0x0000000002970000-0x0000000002971000-memory.dmp

Filesize
4KB

Download
memory/4848-1-0x0000000000BD0000-0x0000000000BD1000-memory.dmp

Filesize
4KB

Download
memory/4848-3-0x00000000006C0000-0x00000000006C1000-memory.dmp

Filesize
4KB

Download
memory/4848-44-0x0000000002990000-0x0000000002991000-memory.dmp

Filesize
4KB

Download
memory/4848-2-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/4848-28-0x0000000002650000-0x0000000002651000-memory.dmp

Filesize
4KB

Download
memory/4848-64-0x0000000002E00000-0x0000000002E01000-memory.dmp

Filesize
4KB

Download
memory/4848-63-0x0000000002E10000-0x0000000002E11000-memory.dmp

Filesize
4KB

Download
memory/4848-62-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

Filesize
4KB

Download
memory/4848-61-0x0000000002DF0000-0x0000000002DF1000-memory.dmp

Filesize
4KB

Download
memory/4848-60-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/4848-59-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/4848-65-0x0000000002E30000-0x0000000002E31000-memory.dmp

Filesize
4KB

Download
memory/4848-58-0x0000000002A70000-0x0000000002A71000-memory.dmp

Filesize
4KB

Download
memory/4848-57-0x0000000002A40000-0x0000000002A41000-memory.dmp

Filesize
4KB

Download
memory/4848-56-0x0000000002A20000-0x0000000002A21000-memory.dmp

Filesize
4KB

Download
memory/4848-54-0x0000000002A00000-0x0000000002A01000-memory.dmp

Filesize
4KB

Download
memory/4848-53-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download
memory/4848-66-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/4848-52-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/4848-51-0x00000000029F0000-0x00000000029F1000-memory.dmp

Filesize
4KB

Download
memory/4848-50-0x00000000029C0000-0x00000000029C1000-memory.dmp

Filesize
4KB

Download
memory/4848-49-0x00000000029D0000-0x00000000029D1000-memory.dmp

Filesize
4KB

Download
memory/4848-67-0x0000000002E50000-0x0000000002E51000-memory.dmp

Filesize
4KB

Download
memory/4848-48-0x0000000002980000-0x0000000002981000-memory.dmp

Filesize
4KB

Download
memory/4848-81-0x0000000002EF0000-0x0000000002EF1000-memory.dmp

Filesize
4KB

Download
memory/4848-80-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/4848-79-0x0000000002A50000-0x0000000002A51000-memory.dmp

Filesize
4KB

Download
memory/4848-78-0x0000000002F00000-0x0000000002F01000-memory.dmp

Filesize
4KB

Download
memory/4848-77-0x0000000002EE0000-0x0000000002EE1000-memory.dmp

Filesize
4KB

Download
memory/4848-76-0x0000000002EC0000-0x0000000002EC1000-memory.dmp

Filesize
4KB

Download
memory/4848-75-0x0000000002ED0000-0x0000000002ED1000-memory.dmp

Filesize
4KB

Download
memory/4848-74-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/4848-73-0x0000000002EB0000-0x0000000002EB1000-memory.dmp

Filesize
4KB

Download
memory/4848-72-0x0000000002E80000-0x0000000002E81000-memory.dmp

Filesize
4KB

Download
memory/4848-71-0x0000000002E90000-0x0000000002E91000-memory.dmp

Filesize
4KB

Download
memory/4848-70-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/4848-69-0x0000000002E70000-0x0000000002E71000-memory.dmp

Filesize
4KB

Download
memory/4848-68-0x0000000002E40000-0x0000000002E41000-memory.dmp

Filesize
4KB

Download
memory/4848-82-0x0000000002F10000-0x0000000002F11000-memory.dmp

Filesize
4KB

Download
memory/4848-83-0x0000000002F30000-0x0000000002F31000-memory.dmp

Filesize
4KB

Download
memory/4848-84-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/4848-87-0x0000000002F40000-0x0000000002F41000-memory.dmp

Filesize
4KB

Download
memory/4848-22-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/4848-0-0x0000000000B40000-0x0000000000B83000-memory.dmp

Filesize
268KB

Download
memory/4848-86-0x0000000002F50000-0x0000000002F51000-memory.dmp

Filesize
4KB

Download
memory/4848-92-0x0000000000400000-0x00000000004F8000-memory.dmp

Filesize
992KB

Download
memory/4848-93-0x0000000000B40000-0x0000000000B83000-memory.dmp

Filesize
268KB

Download