Malware Analysis Report

2025-03-14 22:52

Sample ID 240406-1fslxscd38
Target e356bc4de872e244470ac69afed47ad6_JaffaCakes118
SHA256 104f5602ad56976bcb9eda6e979ae60242e98e4edbbd17bf2c01a2a55f55b208
Tags
evasion persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

104f5602ad56976bcb9eda6e979ae60242e98e4edbbd17bf2c01a2a55f55b208

Threat Level: Known bad

The file e356bc4de872e244470ac69afed47ad6_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

evasion persistence

Modifies visibility of hidden/system files in Explorer

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Adds Run key to start application

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-06 21:35

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-06 21:35

Reported

2024-04-06 21:38

Platform

win7-20240221-en

Max time kernel

161s

Max time network

168s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e356bc4de872e244470ac69afed47ad6_JaffaCakes118.exe"

Signatures

Modifies visibility of hidden/system files in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" C:\Users\Admin\gieedeb.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\gieedeb.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /z" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /j" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /T" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /Z" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /m" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /H" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /c" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /g" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /x" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /Y" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /W" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /e" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /S" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /r" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /t" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /U" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /A" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /J" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /w" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /l" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /G" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /d" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /V" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /p" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /h" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /N" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /i" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /n" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /D" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /v" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /X" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /L" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /y" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /b" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /I" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /M" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /K" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /f" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /F" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /E" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /k" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /q" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /u" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /R" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /P" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /B" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /C" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /a" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /s" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /O" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /o" C:\Users\Admin\gieedeb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Windows\CurrentVersion\Run\gieedeb = "C:\\Users\\Admin\\gieedeb.exe /Q" C:\Users\Admin\gieedeb.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\gieedeb.exe N/A (this identical row is reported 64 times)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e356bc4de872e244470ac69afed47ad6_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\gieedeb.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e356bc4de872e244470ac69afed47ad6_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e356bc4de872e244470ac69afed47ad6_JaffaCakes118.exe"

C:\Users\Admin\gieedeb.exe

"C:\Users\Admin\gieedeb.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 ns1.player1532.com udp
US 107.178.223.183:8000 ns1.player1532.com tcp

Files

\Users\Admin\gieedeb.exe

MD5 c09b10a3a278bfa823790f0d0ced6f95
SHA1 7dc9427709460fc1899319c6fbe7f8d97c7de8b5
SHA256 bcc29035bf08918737c34e2e04ef3eb1b4bd7df95d4b7d56cfcd8430ebb350c0
SHA512 9773d632631a22d451403850c26be94d39b3e791adf78f2da1d60282200c35a3de9fc7291c11bf0d753a44eb16fabbdd11e948e5c9aa291bca493445384639cf

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-06 21:35

Reported

2024-04-06 21:38

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e356bc4de872e244470ac69afed47ad6_JaffaCakes118.exe"

Signatures

Modifies visibility of hidden/system files in Explorer

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" C:\Users\Admin\siupin.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\e356bc4de872e244470ac69afed47ad6_JaffaCakes118.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\siupin.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /m" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /Y" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /N" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /D" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /c" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /w" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /l" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /y" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /P" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /t" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /f" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /F" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /v" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /S" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /p" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /W" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /I" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /G" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /b" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /L" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /X" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /V" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /r" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /U" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /x" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /z" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /B" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /s" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /q" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /K" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /Z" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /M" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /j" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /n" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /R" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /Q" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /u" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /O" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /i" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /h" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /J" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /a" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /d" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /o" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /H" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /A" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /k" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /C" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /T" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /E" C:\Users\Admin\siupin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\siupin = "C:\\Users\\Admin\\siupin.exe /e" C:\Users\Admin\siupin.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\siupin.exe N/A (this identical row is reported 64 times)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\e356bc4de872e244470ac69afed47ad6_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\siupin.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e356bc4de872e244470ac69afed47ad6_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\e356bc4de872e244470ac69afed47ad6_JaffaCakes118.exe"

C:\Users\Admin\siupin.exe

"C:\Users\Admin\siupin.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3348 --field-trial-handle=3488,i,1267426273081718772,6254127258555406296,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 ns1.player1532.com udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

C:\Users\Admin\siupin.exe

MD5 76a1c9aa15931569f9a6d4b28dcfbb41
SHA1 1953cb05c3a59b7521cc186d56493c93ede9aef9
SHA256 07cbe5b3634a0673386dc0f40de026cdb88e96087ba2c831cef0ab90cc50551d
SHA512 6ad940722031c5a061b41fa7ea8be828c2bc5fa97078fb7235635190eba5adfc26b2dadf4eb81117a7e387d3f505548adbbcdfb8a803d5d0902c9e4af1e9beee