ecd19df7a30769bdcdaa0f2e7fd8d984e770e34e23d9b9e1e59ebc919c223ed6

Analysis

max time kernel
142s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2024 20:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79d432c60c934dfbfcca80ade2f192ba_JaffaCakes118.dll
Size

269KB
MD5

79d432c60c934dfbfcca80ade2f192ba
SHA1

2d0adb9e762c5191c49bd9d887cfc1af22977eb6
SHA256

ecd19df7a30769bdcdaa0f2e7fd8d984e770e34e23d9b9e1e59ebc919c223ed6
SHA512

ff58123eaec41e81d939f9f003eb6e82b101085c7eedc18b393cd23edd86a8d56a33e34c2fa4f3e04c3cf63a2ea63f98fb07beffaac85f9502e45e9c53274253
SSDEEP

6144:FTdochbDK1aPqNaotanzwDH/yvjEp5ERAPzBn5aNyP7VL:MxaoIzwijEkGhMeVL

Score

7^/10

persistence

Malware Config

Signatures

Registers COM server for autorun 1 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\CLSID\{2222222222222}\InprocServer32	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\CLSID\{2222222222222}\InprocServer32\ = "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\MSServerTypeLib15629312.dat"	rundll32.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\CLSID\{2222222222222}\InprocServer32	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\CLSID	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\CLSID\{2222222222222}	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\CLSID\{2222222222222}\InprocServer32\ = "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\MSServerTypeLib15629312.dat"	rundll32.exe
Key renamed	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\CLSID\{2222222222222}	rundll32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2480	svchost.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\79d432c60c934dfbfcca80ade2f192ba_JaffaCakes118.dll,#1
1⤵
- Registers COM server for autorun
- Modifies registry class
PID:2156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1404 --field-trial-handle=2224,i,17688331074622862378,73816879873678745,262144 --variations-seed-version /prefetch:8
1⤵
PID:3296

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2804

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2480-0-0x0000025910240000-0x0000025910250000-memory.dmp

Filesize
64KB

Download
memory/2480-16-0x0000025910340000-0x0000025910350000-memory.dmp

Filesize
64KB

Download
memory/2480-32-0x0000025918670000-0x0000025918671000-memory.dmp

Filesize
4KB

Download
memory/2480-34-0x00000259186A0000-0x00000259186A1000-memory.dmp

Filesize
4KB

Download
memory/2480-35-0x00000259186A0000-0x00000259186A1000-memory.dmp

Filesize
4KB

Download
memory/2480-36-0x00000259187B0000-0x00000259187B1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads