c939eb8764437fba3a00d07a69fda5cb6525ce186200bccab92316e4885ad63c

Analysis

max time kernel
147s
max time network
146s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 07:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5f985532446f333cb8626510a1741b10_JaffaCakes118.exe
Size

109KB
MD5

5f985532446f333cb8626510a1741b10
SHA1

bebf4ed598b88d677d6042be8f878f3cdf25d940
SHA256

c939eb8764437fba3a00d07a69fda5cb6525ce186200bccab92316e4885ad63c
SHA512

9c5841d73da56ea91d24afc0ab32848f3dd5ba4b720a3888cee2e903c69df08240e0ed2195053ab748ab0b92495a729a262b6eb9205f177e1a56880682a90dae
SSDEEP

1536:cuFa9Y6Zs9t/pWhqyvkdoHkucBKHf6DNOK/G4ZU8rmmaStcMx8PEiay0Q:nFsY6iE/kKHkucBcQ0K/9vmma9L190Q

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1932-1-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/memory/2244-11-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2244-17-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2244-18-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2244-16-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2244-15-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2244-7-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2244-5-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/1932-14-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/memory/2244-20-0x0000000010410000-0x0000000010446000-memory.dmp	upx
behavioral1/memory/2244-25-0x0000000000400000-0x0000000000423000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1932 set thread context of 2244	1932	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	30

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\njhas\mmn.exe	iexplore.exe
File opened for modification	C:\Program Files (x86)\njhas\mmn.exe	iexplore.exe
File created	C:\Program Files (x86)\njhas\lma.dat	iexplore.exe
File opened for modification	C:\Program Files (x86)\njhas\lma.dat	iexplore.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2236	iexplore.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe
Token: SeDebugPrivilege	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe
Token: SeDebugPrivilege	2236	iexplore.exe
Token: SeDebugPrivilege	2236	iexplore.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1932	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 2244	1932	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	30
PID 1932 wrote to memory of 2244	1932	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	30
PID 1932 wrote to memory of 2244	1932	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	30
PID 1932 wrote to memory of 2244	1932	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	30
PID 1932 wrote to memory of 2244	1932	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	30
PID 1932 wrote to memory of 2244	1932	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	30
PID 1932 wrote to memory of 2244	1932	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	30
PID 1932 wrote to memory of 2244	1932	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	30
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31
PID 2244 wrote to memory of 2236	2244	5f985532446f333cb8626510a1741b10_JaffaCakes118.exe	31

C:\Users\Admin\AppData\Local\Temp\5f985532446f333cb8626510a1741b10_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5f985532446f333cb8626510a1741b10_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Users\Admin\AppData\Local\Temp\5f985532446f333cb8626510a1741b10_JaffaCakes118.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2244
- - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    3⤵
    - Drops file in Program Files directory
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    PID:2236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1932-1-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1932-14-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1932-8-0x0000000000230000-0x0000000000246000-memory.dmp

Filesize
88KB

Download
memory/2244-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2244-16-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2244-15-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2244-18-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2244-17-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2244-7-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2244-5-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2244-3-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2244-11-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2244-20-0x0000000010410000-0x0000000010446000-memory.dmp

Filesize
216KB

Download
memory/2244-25-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download