71169d83b35aeb58bf77c72e40f9515073720b76502a01cd9d7105efc976a0b6

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 03:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4cafb4bc429546c2635a5786beb8c582_JaffaCakes118.exe
Size

438KB
MD5

4cafb4bc429546c2635a5786beb8c582
SHA1

2656d2a21592e7ccf5530d89f6f18038ad5976e6
SHA256

71169d83b35aeb58bf77c72e40f9515073720b76502a01cd9d7105efc976a0b6
SHA512

4fa45887d7e17494d6d80856399c0cb80ed1d10159a107998788151edceadf7f4c2ccec8ebc98520428badb2153707fbbfec40eb96c06289823ed2bc9aa4c673
SSDEEP

12288:rL/s37tD34R9gYTcsbHsyB76NtTird7HAE:rL/s3754R35B6TEd7A

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3088	unhelp.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\unhelp.exe	4cafb4bc429546c2635a5786beb8c582_JaffaCakes118.exe
File opened for modification	C:\Windows\unhelp.exe	4cafb4bc429546c2635a5786beb8c582_JaffaCakes118.exe
File created	C:\Windows\uninstal.bat	4cafb4bc429546c2635a5786beb8c582_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2548	4cafb4bc429546c2635a5786beb8c582_JaffaCakes118.exe
Token: SeDebugPrivilege	3088	unhelp.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3088	unhelp.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2096	2548	4cafb4bc429546c2635a5786beb8c582_JaffaCakes118.exe	88
PID 2548 wrote to memory of 2096	2548	4cafb4bc429546c2635a5786beb8c582_JaffaCakes118.exe	88
PID 2548 wrote to memory of 2096	2548	4cafb4bc429546c2635a5786beb8c582_JaffaCakes118.exe	88
PID 3088 wrote to memory of 4652	3088	unhelp.exe	87
PID 3088 wrote to memory of 4652	3088	unhelp.exe	87

C:\Users\Admin\AppData\Local\Temp\4cafb4bc429546c2635a5786beb8c582_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4cafb4bc429546c2635a5786beb8c582_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.bat
  2⤵
  PID:2096

C:\Windows\unhelp.exe
C:\Windows\unhelp.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:4652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\unhelp.exe

Filesize
438KB

MD5
4cafb4bc429546c2635a5786beb8c582

SHA1
2656d2a21592e7ccf5530d89f6f18038ad5976e6

SHA256
71169d83b35aeb58bf77c72e40f9515073720b76502a01cd9d7105efc976a0b6

SHA512
4fa45887d7e17494d6d80856399c0cb80ed1d10159a107998788151edceadf7f4c2ccec8ebc98520428badb2153707fbbfec40eb96c06289823ed2bc9aa4c673

Download Submit
C:\Windows\uninstal.bat

Filesize
218B

MD5
c2316cd1d338ea160cec04fdd3bd9aac

SHA1
594826f893b8ad31389d5e076697cf946b6be515

SHA256
52a9675a767b6078149895114ff7809b126857571b3bc123d97fdc39af174c9a

SHA512
5a69d28e7034ba3f1a72bd6c07a0bf7ba81548a89da10c3b00f46529ebb6cb1cf8f748e3793dba933ee605af840c326ae63b7f4926d4cf1c0fec67b47fddd6ee

Download Submit
memory/2548-0-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/2548-1-0x00000000022B0000-0x00000000022F3000-memory.dmp

Filesize
268KB

Download
memory/2548-3-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/2548-2-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/2548-4-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/2548-6-0x00000000024E0000-0x00000000024E3000-memory.dmp

Filesize
12KB

Download
memory/2548-5-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2548-9-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2548-8-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/2548-7-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/2548-10-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/2548-13-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/2548-12-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/2548-11-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/2548-16-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/2548-19-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/2548-30-0x0000000002760000-0x0000000002761000-memory.dmp

Filesize
4KB

Download
memory/2548-29-0x0000000002630000-0x0000000002631000-memory.dmp

Filesize
4KB

Download
memory/2548-28-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download
memory/2548-27-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/2548-26-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/2548-25-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/2548-24-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/2548-31-0x0000000002750000-0x0000000002751000-memory.dmp

Filesize
4KB

Download
memory/2548-46-0x00000000029B0000-0x00000000029B1000-memory.dmp

Filesize
4KB

Download
memory/2548-84-0x0000000002F00000-0x0000000002F01000-memory.dmp

Filesize
4KB

Download
memory/2548-83-0x0000000002EC0000-0x0000000002EC1000-memory.dmp

Filesize
4KB

Download
memory/2548-82-0x0000000002F10000-0x0000000002F11000-memory.dmp

Filesize
4KB

Download
memory/2548-81-0x0000000002F20000-0x0000000002F21000-memory.dmp

Filesize
4KB

Download
memory/2548-80-0x0000000002EF0000-0x0000000002EF1000-memory.dmp

Filesize
4KB

Download
memory/2548-79-0x0000000002ED0000-0x0000000002ED1000-memory.dmp

Filesize
4KB

Download
memory/2548-78-0x0000000002EE0000-0x0000000002EE1000-memory.dmp

Filesize
4KB

Download
memory/2548-77-0x0000000002EB0000-0x0000000002EB1000-memory.dmp

Filesize
4KB

Download
memory/2548-76-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/2548-75-0x0000000002E80000-0x0000000002E81000-memory.dmp

Filesize
4KB

Download
memory/2548-74-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/2548-73-0x0000000002E40000-0x0000000002E41000-memory.dmp

Filesize
4KB

Download
memory/2548-70-0x0000000002E00000-0x0000000002E01000-memory.dmp

Filesize
4KB

Download
memory/2548-69-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

Filesize
4KB

Download
memory/2548-68-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/2548-67-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/2548-66-0x0000000002A40000-0x0000000002A41000-memory.dmp

Filesize
4KB

Download
memory/2548-65-0x00000000029C0000-0x00000000029C1000-memory.dmp

Filesize
4KB

Download
memory/2548-64-0x0000000002970000-0x0000000002971000-memory.dmp

Filesize
4KB

Download
memory/2548-63-0x0000000002E90000-0x0000000002E91000-memory.dmp

Filesize
4KB

Download
memory/2548-62-0x0000000002E70000-0x0000000002E71000-memory.dmp

Filesize
4KB

Download
memory/2548-61-0x0000000002E50000-0x0000000002E51000-memory.dmp

Filesize
4KB

Download
memory/2548-60-0x0000000002E30000-0x0000000002E31000-memory.dmp

Filesize
4KB

Download
memory/2548-59-0x0000000002E10000-0x0000000002E11000-memory.dmp

Filesize
4KB

Download
memory/2548-58-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/2548-57-0x0000000002DF0000-0x0000000002DF1000-memory.dmp

Filesize
4KB

Download
memory/2548-56-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/2548-55-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/2548-54-0x0000000002A50000-0x0000000002A51000-memory.dmp

Filesize
4KB

Download
memory/2548-53-0x0000000002A30000-0x0000000002A31000-memory.dmp

Filesize
4KB

Download
memory/2548-52-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download
memory/2548-51-0x0000000002A20000-0x0000000002A21000-memory.dmp

Filesize
4KB

Download
memory/2548-50-0x00000000029F0000-0x00000000029F1000-memory.dmp

Filesize
4KB

Download
memory/2548-49-0x0000000002A00000-0x0000000002A01000-memory.dmp

Filesize
4KB

Download
memory/2548-48-0x00000000029D0000-0x00000000029D1000-memory.dmp

Filesize
4KB

Download
memory/2548-47-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/2548-45-0x0000000002980000-0x0000000002981000-memory.dmp

Filesize
4KB

Download
memory/2548-44-0x0000000002990000-0x0000000002991000-memory.dmp

Filesize
4KB

Download
memory/2548-43-0x0000000002950000-0x0000000002951000-memory.dmp

Filesize
4KB

Download
memory/2548-42-0x0000000002960000-0x0000000002961000-memory.dmp

Filesize
4KB

Download
memory/2548-41-0x0000000002800000-0x0000000002801000-memory.dmp

Filesize
4KB

Download
memory/2548-40-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/2548-39-0x00000000027E0000-0x00000000027E1000-memory.dmp

Filesize
4KB

Download
memory/2548-38-0x00000000027F0000-0x00000000027F1000-memory.dmp

Filesize
4KB

Download
memory/2548-37-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/2548-36-0x00000000027D0000-0x00000000027D1000-memory.dmp

Filesize
4KB

Download
memory/2548-35-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download
memory/2548-34-0x00000000027A0000-0x00000000027A1000-memory.dmp

Filesize
4KB

Download
memory/2548-33-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/2548-32-0x0000000002780000-0x0000000002781000-memory.dmp

Filesize
4KB

Download
memory/2548-23-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/2548-22-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/2548-21-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/2548-20-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/2548-18-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/2548-17-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/2548-15-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/2548-14-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/2548-87-0x0000000002F30000-0x0000000002F31000-memory.dmp

Filesize
4KB

Download
memory/2548-86-0x0000000002F40000-0x0000000002F41000-memory.dmp

Filesize
4KB

Download
memory/2548-95-0x00000000022B0000-0x00000000022F3000-memory.dmp

Filesize
268KB

Download
memory/2548-94-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/3088-89-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/3088-90-0x0000000000E20000-0x0000000000E63000-memory.dmp

Filesize
268KB

Download
memory/3088-97-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/3088-99-0x0000000000E20000-0x0000000000E63000-memory.dmp

Filesize
268KB

Download