626d90207c7c73ecef8b5e389144e7b50abcdff92e393e2a79bc57902b3c041e

Analysis

max time kernel
149s
max time network
149s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 11:17

Target

6303a5ce0d608329cc363bbbf98b9bde_JaffaCakes118.exe
Size

301KB
MD5

6303a5ce0d608329cc363bbbf98b9bde
SHA1

4818065183e8ba7a90d1a23d3bcb51142f6c7eb9
SHA256

626d90207c7c73ecef8b5e389144e7b50abcdff92e393e2a79bc57902b3c041e
SHA512

a35c31ea32afd0c20b80ae470da6000512a1221029ce717578ddabf40b2f0fc1229750c39793ff524789a1ebfe7b57dcf4609e92ca1a66f9ba1793c1ab8d51a3
SSDEEP

6144:eZ9UfckY6VaJo7u1XR/PlfZzqL+wKtcA9bQ9HLLEGzWkLWiR2Vm0WAsL7H:4NkY6VauKRWLODbQxsAWfv0

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\safe.ico	6303a5ce0d608329cc363bbbf98b9bde_JaffaCakes118.exe

Drops file in Program Files directory 14 IoCs

description	ioc	Process
File created	C:\progra~1\ico\$dpx$.tmp\85a78d859faf1745b178059ff626fc01.tmp	expand.exe
File opened for modification	C:\progra~1\ico\$dpx$.tmp\job.xml	expand.exe
File created	C:\progra~1\ico\$dpx$.tmp\917f8ebbbb27154e9277d13b4c5ae80a.tmp	expand.exe
File opened for modification	C:\progra~1\ico\Film.ico	expand.exe
File opened for modification	C:\progra~1\ico\$dpx$.tmp	expand.exe
File created	C:\progra~1\ico\$dpx$.tmp\37e47ff7cf5ccd45bce8eb5b3f67d1d3.tmp	expand.exe
File opened for modification	C:\progra~1\ico\Taobao.ico	expand.exe
File opened for modification	C:\progra~1\ico\Video.ico	expand.exe
File opened for modification	C:\progra~1\ico\Beauty.ico	expand.exe
File created	C:\progra~1\ico\$dpx$.tmp\d38c2098e5e1d646864bf30b827d7c0b.tmp	expand.exe
File created	C:\progra~1\ico\$dpx$.tmp\2b9d5d52cb55024687df1f4dd6005b79.tmp	expand.exe
File opened for modification	C:\progra~1\ico\Chat.ico	expand.exe
File created	C:\progra~1\ico\$dpx$.tmp\152ff7e14b580049b142091d3edeeaf2.tmp	expand.exe
File opened for modification	C:\progra~1\ico\Music.ico	expand.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\DPX\setupact.log	expand.exe
File opened for modification	C:\Windows\Logs\DPX\setuperr.log	expand.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2840	6303a5ce0d608329cc363bbbf98b9bde_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2840	6303a5ce0d608329cc363bbbf98b9bde_JaffaCakes118.exe
2840	6303a5ce0d608329cc363bbbf98b9bde_JaffaCakes118.exe
2840	6303a5ce0d608329cc363bbbf98b9bde_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 2696	2840	6303a5ce0d608329cc363bbbf98b9bde_JaffaCakes118.exe	30
PID 2840 wrote to memory of 2696	2840	6303a5ce0d608329cc363bbbf98b9bde_JaffaCakes118.exe	30
PID 2840 wrote to memory of 2696	2840	6303a5ce0d608329cc363bbbf98b9bde_JaffaCakes118.exe	30
PID 2840 wrote to memory of 2696	2840	6303a5ce0d608329cc363bbbf98b9bde_JaffaCakes118.exe	30
PID 2696 wrote to memory of 2748	2696	cmd.exe	32
PID 2696 wrote to memory of 2748	2696	cmd.exe	32
PID 2696 wrote to memory of 2748	2696	cmd.exe	32
PID 2696 wrote to memory of 2748	2696	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\wWdvD.bat

Filesize
98B

MD5
ada787702460241a372c495dc53dbdcf

SHA1
da7d65ec9541fe9ed13b3531f38202f83b0ac96d

SHA256
0d0f600f95192d2d602dbda346c4e08745295f331f5a0349deae21705367b850

SHA512
c86091735b855691c89c7946145591dec6a6a6a36a2438d392587a9cc1f2d85c1ebe44fcff1cc9d94271a24ebbc2ca38639577a6f5c592e9e10517da26572708

Download Submit
\??\c:\users\admin\appdata\local\temp\ico.cab

Filesize
18KB

MD5
f462d70986dc71a5ff375a82bd9e3677

SHA1
f3d9c09a0ff51d81377e15ae4e0e2fceaede142b

SHA256
69528b0fb4e1bc3fb8d92839d98e0717b3f680d98fdfcb9809a2f557aacab295

SHA512
5bd2d67bb78dc8c4275390667c135ed10c4733e46ce58ef524ea79869f740db00d2f4a37b949896edcbf1ebbfa1ab4dd16afab4418ff637322883435bb7543ec

Download Submit
memory/2840-1-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2840-0-0x0000000000400000-0x000000000053C000-memory.dmp

Filesize
1.2MB

Download
memory/2840-2-0x0000000000400000-0x000000000053C000-memory.dmp

Filesize
1.2MB

Download
memory/2840-37-0x0000000000400000-0x000000000053C000-memory.dmp

Filesize
1.2MB

Download
memory/2840-38-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download