0b896b27beeb8357fa37f52bddfa742e6979434dcc6cc78dc946c8f06e6d4be7

General

Target

e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Size

3KB
MD5

e8df410873e4248761dc7385ca9310c4
SHA1

98c34f36be5fd299d0f1d23f3e0c53e2ba56a156
SHA256

0b896b27beeb8357fa37f52bddfa742e6979434dcc6cc78dc946c8f06e6d4be7
SHA512

bf2bef337d71a959352aa790daa391c8baf4379a6a7957a6971789d9dbc104f5a6df09d0a41fb61f825d9db19745cb621861187ee2e7feb272a53b8c86bc370e

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe

Modifies data under HKEY_USERS 24 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1"	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3600A9AB-2339-4FB1-BB52-06A5D83DB5F3}\WpadDecisionTime = 00374df51a8ada01	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3600A9AB-2339-4FB1-BB52-06A5D83DB5F3}\WpadNetworkName = "Network 3"	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e6-c8-d3-93-f2-1f	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3600A9AB-2339-4FB1-BB52-06A5D83DB5F3}\e6-c8-d3-93-f2-1f	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e6-c8-d3-93-f2-1f\WpadDecisionReason = "1"	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3600A9AB-2339-4FB1-BB52-06A5D83DB5F3}\WpadDecision = "0"	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e6-c8-d3-93-f2-1f\WpadDecision = "0"	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0"	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0"	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000003000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000a7f004d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3600A9AB-2339-4FB1-BB52-06A5D83DB5F3}	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3600A9AB-2339-4FB1-BB52-06A5D83DB5F3}\WpadDecisionReason = "1"	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e6-c8-d3-93-f2-1f\WpadDecisionTime = 00374df51a8ada01	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe"
1⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\e8df410873e4248761dc7385ca9310c4_JaffaCakes118.exe -A
1⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/836-1-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2136-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2136-8-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads