07f97a7500986eea69aa74c3ed9e6b21960fc2ffd2b0ed04ec2658aa9952bac3

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 19:21

Target

5d50f520b4784e6253aed80b21abaa4c_JaffaCakes118.exe
Size

747KB
MD5

5d50f520b4784e6253aed80b21abaa4c
SHA1

9cb48201127111edbb87ec23cd864dc445ae1b23
SHA256

07f97a7500986eea69aa74c3ed9e6b21960fc2ffd2b0ed04ec2658aa9952bac3
SHA512

ecec7bec1ab8258e73a4f8b4f9fb45c3a69342d4ba44eb8620b6657a4fcabbd8e3d6a06990605fdfbe97adf311ebdcaacd847593ce7c82843510e53e9b5dbd5c
SSDEEP

12288:yQ1KfnICro53524stIqhdkR28h2FM0z12OnpQDz3sjbsqfDPmsfN9wXv/lCxR1JX:xqnICro5p243qhdkR2ZFM0zwOpQDz3sx

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2236	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
1864	hmj

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\hmj	5d50f520b4784e6253aed80b21abaa4c_JaffaCakes118.exe
File opened for modification	C:\Windows\hmj	5d50f520b4784e6253aed80b21abaa4c_JaffaCakes118.exe
File created	C:\Windows\uninstal.bat	5d50f520b4784e6253aed80b21abaa4c_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2336	5d50f520b4784e6253aed80b21abaa4c_JaffaCakes118.exe
Token: SeDebugPrivilege	1864	hmj

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1864	hmj

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1864 wrote to memory of 2172	1864	hmj	31
PID 1864 wrote to memory of 2172	1864	hmj	31
PID 1864 wrote to memory of 2172	1864	hmj	31
PID 1864 wrote to memory of 2172	1864	hmj	31
PID 2336 wrote to memory of 2236	2336	5d50f520b4784e6253aed80b21abaa4c_JaffaCakes118.exe	32
PID 2336 wrote to memory of 2236	2336	5d50f520b4784e6253aed80b21abaa4c_JaffaCakes118.exe	32
PID 2336 wrote to memory of 2236	2336	5d50f520b4784e6253aed80b21abaa4c_JaffaCakes118.exe	32
PID 2336 wrote to memory of 2236	2336	5d50f520b4784e6253aed80b21abaa4c_JaffaCakes118.exe	32
PID 2336 wrote to memory of 2236	2336	5d50f520b4784e6253aed80b21abaa4c_JaffaCakes118.exe	32
PID 2336 wrote to memory of 2236	2336	5d50f520b4784e6253aed80b21abaa4c_JaffaCakes118.exe	32
PID 2336 wrote to memory of 2236	2336	5d50f520b4784e6253aed80b21abaa4c_JaffaCakes118.exe	32

C:\Users\Admin\AppData\Local\Temp\5d50f520b4784e6253aed80b21abaa4c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d50f520b4784e6253aed80b21abaa4c_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\uninstal.bat
  2⤵
  - Deletes itself
  PID:2236

C:\Windows\hmj
C:\Windows\hmj
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1864
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:2172

C:\Windows\hmj

Filesize
747KB

MD5
5d50f520b4784e6253aed80b21abaa4c

SHA1
9cb48201127111edbb87ec23cd864dc445ae1b23

SHA256
07f97a7500986eea69aa74c3ed9e6b21960fc2ffd2b0ed04ec2658aa9952bac3

SHA512
ecec7bec1ab8258e73a4f8b4f9fb45c3a69342d4ba44eb8620b6657a4fcabbd8e3d6a06990605fdfbe97adf311ebdcaacd847593ce7c82843510e53e9b5dbd5c

Download Submit
C:\Windows\uninstal.bat

Filesize
218B

MD5
dc8a03dbf04ae63591b9c4657bd18670

SHA1
50639c7c377e05f7d7c38a107e5d4c982f263e06

SHA256
64f43379ba6895aa167412e4cdde63d0fbf477724c3feda67bbfbabd4846e9be

SHA512
eb1f40b7269e3104b5e324a838c665f9651d4075cf707932c5e3fe49063e1becfd7a631a79ba11c0912af9beaac492f1450f917d6ec128ac4ca28c13abb8ee2c

Download Submit
memory/1864-5-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/1864-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1864-18-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/1864-20-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2336-0-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/2336-3-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2336-16-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download