fe5abc2ad321a98c83d83baaab113a341f2e7bed5c85dd2cf762175c522e76e5

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
Size

64KB
MD5

e90323bad456502d56f8c1f6ae3c45f2
SHA1

dfe6c57914ac0db13d0f5a3b6873c2d633f4cd86
SHA256

fe5abc2ad321a98c83d83baaab113a341f2e7bed5c85dd2cf762175c522e76e5
SHA512

216624d8f86b9ee6cf039720404ccdfc88c1621a0426e21268d898583caa3cebef123b8bb454bd182aac94986c945a5dcda1e3c8971e3d11363128d108ac6006
SSDEEP

1536:/g7wc1aGNC0klI7CPN30d63mng/xjZYxuX0WUUNyl:I7wc1aOCo7C133WnUjZY5myl

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe"	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\Kazaa Lite.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\ICQ 4 Lite.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\Winamp 5.0 (en).exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\index.ShareReactor.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\Kazaa Lite.ShareReactor.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENFR\WinRAR.v.3.2.and.key.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Winamp 5.0 (en).exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\Winamp 5.0 (en) Crack.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\index.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\Harry Potter.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\index.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\Winamp 5.0 (en).com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\Winamp 5.0 (en) Crack.ShareReactor.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\ICQ 4 Lite.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\Harry Potter.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\WinRAR.v.3.2.and.key.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\Kazaa Lite.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\Winamp 5.0 (en) Crack.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\index.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\index.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STRTEDGE\Winamp 5.0 (en).ShareReactor.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\1033\ICQ 4 Lite.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ICQ 4 Lite.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\it-IT\Winamp 5.0 (en) Crack.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\REFINED\ICQ 4 Lite.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\Winamp 5.0 (en).ShareReactor.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\index.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\index.ShareReactor.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\WinRAR.v.3.2.and.key.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\Harry Potter.ShareReactor.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PIXEL\Winamp 5.0 (en).ShareReactor.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CONCRETE\WinRAR.v.3.2.and.key.ShareReactor.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Triedit\de-DE\ICQ 4 Lite.ShareReactor.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Winamp 5.0 (en).ShareReactor.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\index.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\Kazaa Lite.ShareReactor.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\WinRAR.v.3.2.and.key.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\WinRAR.v.3.2.and.key.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATER\WinRAR.v.3.2.and.key.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es\Winamp 5.0 (en) Crack.ShareReactor.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RMNSQUE\WinRAR.v.3.2.and.key.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENES\Harry Potter.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\Winamp 5.0 (en).com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\it-IT\index.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\Winamp 5.0 (en).ShareReactor.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PROFILE\Harry Potter.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\Winamp 5.0 (en).com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Harry Potter.ShareReactor.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\Winamp 5.0 (en).exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\WinRAR.v.3.2.and.key.ShareReactor.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\index.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\Winamp 5.0 (en) Crack.ShareReactor.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\Kazaa Lite.ShareReactor.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\Kazaa Lite.ShareReactor.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\Kazaa Lite.ShareReactor.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\ICQ 4 Lite.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\ICQ 4 Lite.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\Winamp 5.0 (en).exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\WinRAR.v.3.2.and.key.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VC\WinRAR.v.3.2.and.key.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\WinRAR.v.3.2.and.key.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\Harry Potter.ShareReactor.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\fr-FR\Kazaa Lite.com	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PROPLUS\Winamp 5.0 (en) Crack.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\lsass.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
File created	C:\Windows\lsass.exe	e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e90323bad456502d56f8c1f6ae3c45f2_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Drops file in Windows directory
PID:1680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\index.ShareReactor.com

Filesize
64KB

MD5
e90323bad456502d56f8c1f6ae3c45f2

SHA1
dfe6c57914ac0db13d0f5a3b6873c2d633f4cd86

SHA256
fe5abc2ad321a98c83d83baaab113a341f2e7bed5c85dd2cf762175c522e76e5

SHA512
216624d8f86b9ee6cf039720404ccdfc88c1621a0426e21268d898583caa3cebef123b8bb454bd182aac94986c945a5dcda1e3c8971e3d11363128d108ac6006

Download Submit
memory/1680-0-0x0000000000800000-0x000000000080A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads