773828acf9dff953d04d7c99a95c7dec0972fca55f271729a0693963e0eac1b9

Analysis

max time kernel
41s
max time network
32s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
08-07-2023 23:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Jagevod.exe
Size

1.0MB
MD5

b57310fe4ef9bc46048a7071bd093aeb
SHA1

778c56c107b0ea9cc5bc4f65081bb00c9b1acd91
SHA256

773828acf9dff953d04d7c99a95c7dec0972fca55f271729a0693963e0eac1b9
SHA512

f765f1444545301605bf9d865f0dd388c9e6e795c6a9ec11fe54e261ac2680f30e38f6a44eb3dabdd4cb8deb780a13e5ab0e11594bf49e0073effdb5b819326f
SSDEEP

24576:B47j3JbmYUPFt2fFTZf8mWSgS55miP6UaEGIilo2egEa870iBh:BUMY+Ft2f9Zf8mWSg45mydjGIilo2sa+

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 31 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Jagevod.exe
Key created	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	Jagevod.exe
Key created	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}	Jagevod.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Jagevod.exe
Key created	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Jagevod.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Jagevod.exe
Key created	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	Jagevod.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1092616257"	Jagevod.exe
Key created	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	Jagevod.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f4225481e03947bc34db131e946b44c8dd50000	Jagevod.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_TopViewVersion = "0"	Jagevod.exe
Key created	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_Classes\Local Settings	Jagevod.exe
Key created	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Jagevod.exe
Key created	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}	Jagevod.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\IconSize = "16"	Jagevod.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 9e0000001a00eebbfe23000010007db10d7bd29c934a973346cc89022e7c00002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbe7e47b3fbe4c93b4ba2bad3f5d3cd46f98207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000	Jagevod.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Jagevod.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_FolderType = "{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}"	Jagevod.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Jagevod.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Sort = 000000000000000000000000000000000200000030f125b7ef471a10a5f102608c9eebac0a0000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Jagevod.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	Jagevod.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	Jagevod.exe
Key created	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Jagevod.exe
Key created	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Jagevod.exe
Key created	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	Jagevod.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}"	Jagevod.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\LogicalViewMode = "1"	Jagevod.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1"	Jagevod.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Jagevod.exe
Key created	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg	Jagevod.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "4"	Jagevod.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2316	Jagevod.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2316	Jagevod.exe

C:\Users\Admin\AppData\Local\Temp\Jagevod.exe
"C:\Users\Admin\AppData\Local\Temp\Jagevod.exe"
1⤵
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2316

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2316-54-0x00000000047C0000-0x00000000047D0000-memory.dmp

Filesize
64KB

Download
memory/2316-55-0x0000000004680000-0x0000000004681000-memory.dmp

Filesize
4KB

Download