c93dd9e857c708d7518dc27294da60fc86f8f3c1892356c8a9d22e00dc6cdb49

Analysis

max time kernel
142s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20-07-2024 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e76a6420e57a23e42d3c846200dde60_JaffaCakes118.exe
Size

649KB
MD5

5e76a6420e57a23e42d3c846200dde60
SHA1

c833ea5325009d85c334a77a50188c3cc7df117d
SHA256

c93dd9e857c708d7518dc27294da60fc86f8f3c1892356c8a9d22e00dc6cdb49
SHA512

00fdcd61657b2a9e830e393377dff63872ef62c87dd54adb51cd9fe7c27712b8b338b787ec4c3ce66461e34787bde943fb9cddcd874555370c2b31c6c95bc3db
SSDEEP

12288:2kMUFBlnajyYT5EOGnp9y56DfirVq8MavyTTzDF3Z4mxxwxtRnoI97dbGko:FMyVYNEJQwuVPSTzDQmXmtGI97d6ko

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4820	Hacker.com.cn.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Hacker.com.cn.exe	5e76a6420e57a23e42d3c846200dde60_JaffaCakes118.exe
File created	C:\Windows\Hacker.com.cn.exe	5e76a6420e57a23e42d3c846200dde60_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2624	5e76a6420e57a23e42d3c846200dde60_JaffaCakes118.exe
Token: SeDebugPrivilege	4820	Hacker.com.cn.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4820	Hacker.com.cn.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 4956	4820	Hacker.com.cn.exe	88
PID 4820 wrote to memory of 4956	4820	Hacker.com.cn.exe	88

C:\Users\Admin\AppData\Local\Temp\5e76a6420e57a23e42d3c846200dde60_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5e76a6420e57a23e42d3c846200dde60_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2624

C:\Windows\Hacker.com.cn.exe
C:\Windows\Hacker.com.cn.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:4956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Hacker.com.cn.exe

Filesize
649KB

MD5
5e76a6420e57a23e42d3c846200dde60

SHA1
c833ea5325009d85c334a77a50188c3cc7df117d

SHA256
c93dd9e857c708d7518dc27294da60fc86f8f3c1892356c8a9d22e00dc6cdb49

SHA512
00fdcd61657b2a9e830e393377dff63872ef62c87dd54adb51cd9fe7c27712b8b338b787ec4c3ce66461e34787bde943fb9cddcd874555370c2b31c6c95bc3db

Download Submit
memory/2624-11-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/2624-2-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/2624-4-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/2624-13-0x00000000035C0000-0x00000000035C1000-memory.dmp

Filesize
4KB

Download
memory/2624-12-0x00000000034C0000-0x00000000034C3000-memory.dmp

Filesize
12KB

Download
memory/2624-0-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/2624-10-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/2624-9-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/2624-7-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/2624-15-0x0000000000AE0000-0x0000000000AE1000-memory.dmp

Filesize
4KB

Download
memory/2624-8-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/2624-3-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/2624-6-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/2624-17-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/2624-16-0x0000000000AF0000-0x0000000000AF1000-memory.dmp

Filesize
4KB

Download
memory/2624-14-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/2624-5-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/2624-1-0x0000000002330000-0x0000000002384000-memory.dmp

Filesize
336KB

Download
memory/2624-22-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/2624-23-0x0000000002330000-0x0000000002384000-memory.dmp

Filesize
336KB

Download
memory/4820-24-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/4820-25-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/4820-29-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download