fa0d3ff1aada852fe0861a98a965cd9af3748bc803c9ace577b23d6f7468d734

Analysis

max time kernel
142s
max time network
139s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13/08/2024, 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

946d398e364e0187b1a249b62d2d4022_JaffaCakes118.exe
Size

218KB
MD5

946d398e364e0187b1a249b62d2d4022
SHA1

c83ae9278c094872a3cee741a496f6144c59819b
SHA256

fa0d3ff1aada852fe0861a98a965cd9af3748bc803c9ace577b23d6f7468d734
SHA512

6f2c10db7135df7f9f1e4095f05676a7dd3097528503587e00d612e4069f6a7cb8a4c2d9edea9b2a08daf3b29745afcf658856362251f9d2c133c2d49d11cae2
SSDEEP

3072:5CtI+7rPcv5Cvk3ksYIJmEOvhCqld/bb9o3TszuR3h4wkmXG/deJ2ovlBQl2jiHV:MI+na9nl6VlFhoDsKR3jRBlBQ2iHeL

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
332	csrss.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	\systemroot\assembly\GAC_32\Desktop.ini	csrss.exe
File created	\systemroot\assembly\GAC_64\Desktop.ini	csrss.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2028	328	WerFault.exe	29

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	946d398e364e0187b1a249b62d2d4022_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
328	946d398e364e0187b1a249b62d2d4022_JaffaCakes118.exe
328	946d398e364e0187b1a249b62d2d4022_JaffaCakes118.exe
328	946d398e364e0187b1a249b62d2d4022_JaffaCakes118.exe
332	csrss.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	328	946d398e364e0187b1a249b62d2d4022_JaffaCakes118.exe
Token: SeDebugPrivilege	328	946d398e364e0187b1a249b62d2d4022_JaffaCakes118.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
332	csrss.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 328 wrote to memory of 332	328	946d398e364e0187b1a249b62d2d4022_JaffaCakes118.exe	2
PID 328 wrote to memory of 2028	328	946d398e364e0187b1a249b62d2d4022_JaffaCakes118.exe	30
PID 328 wrote to memory of 2028	328	946d398e364e0187b1a249b62d2d4022_JaffaCakes118.exe	30
PID 328 wrote to memory of 2028	328	946d398e364e0187b1a249b62d2d4022_JaffaCakes118.exe	30
PID 328 wrote to memory of 2028	328	946d398e364e0187b1a249b62d2d4022_JaffaCakes118.exe	30
PID 332 wrote to memory of 2428	332	csrss.exe	31
PID 332 wrote to memory of 2428	332	csrss.exe	31
PID 332 wrote to memory of 868	332	csrss.exe	13

C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
1⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:332

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs
1⤵
PID:868
- C:\Windows\system32\wbem\WMIADAP.EXE
  wmiadap.exe /F /T /R
  2⤵
  PID:2428

C:\Users\Admin\AppData\Local\Temp\946d398e364e0187b1a249b62d2d4022_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\946d398e364e0187b1a249b62d2d4022_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:328
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 188
  2⤵
  - Program crash
  PID:2028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system32\consrv.dll

Filesize
53KB

MD5
63e99b675a1337db6d8430195ea3efd2

SHA1
1baead2bf8f433dc82f9b2c03fd65ce697a92155

SHA256
6616179477849205eb4075b75a042056d196f45d67f78929dbb3317a35ccbea9

SHA512
f5b986eafa38dbc9ad7759784ac887ecbb9c8d8009a3f33e91b9c9ceeaf043ed3e4ddab8e6b6b77e54aed9fcecab02442c8ff253f2136ea06996d05ddd68199f

Download Submit
\??\globalroot\systemroot\assembly\temp\@

Filesize
2KB

MD5
655b4155655bec8db0155a6d6db0c6f0

SHA1
6381d5e82db671de73a2a6e00a33d3c9aff30a58

SHA256
5cd2c40e5c243491042b141d3f34fe3e711ceef665c1fa64f4567436ff1b798f

SHA512
9f2d3d8c678451824a42d50e963e74677e55f540f5e509bbd9dd575205aa3165a196c45a3175b101a6c053e41f6dc95675626d776c73489467968c774e8a5662

Download Submit
memory/328-10-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-9-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-8-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-7-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-6-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-5-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-4-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-3-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-2-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-1-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-0-0x0000000000401000-0x0000000000402000-memory.dmp

Filesize
4KB

Download
memory/328-25-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-24-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-23-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-22-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-21-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-20-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-19-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-18-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-17-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-16-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-15-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-14-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-13-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-12-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-94-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-93-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-92-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-91-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-90-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-89-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-88-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-87-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-86-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-85-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-84-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-83-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-82-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-81-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-80-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-79-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-78-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-77-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-76-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-75-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-74-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-73-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-72-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-71-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-70-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-69-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-68-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-67-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-66-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-65-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-64-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-63-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-62-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-61-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-60-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-59-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-58-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-57-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-56-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-55-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-54-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-53-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-52-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-51-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-50-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-49-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-48-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-47-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-46-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-45-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-44-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-43-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-42-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-41-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-40-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-39-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-38-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-37-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-36-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-35-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-34-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-33-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-32-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-31-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-30-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-29-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-28-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-27-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-26-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-11-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-95-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/328-105-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-102-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-98-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-106-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-107-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-108-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-109-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-116-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-140-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-157-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-160-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-159-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-158-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-156-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-155-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-154-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-153-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-152-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-151-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-150-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-149-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-148-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-147-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-146-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-145-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-144-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-143-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-142-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-141-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-139-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-138-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-137-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-136-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-135-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-134-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-133-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-132-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-131-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-130-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-129-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-128-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-127-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-126-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-125-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-124-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-123-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-122-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-121-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-120-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-119-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-118-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-117-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-115-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-114-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-113-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-112-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-111-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download
memory/328-110-0x0000000000380000-0x00000000003BE000-memory.dmp

Filesize
248KB

Download