f934c317df26e718603ea4654d6df08c039cdcf1de14a7495964d9bf9c4f4e05

Analysis

max time kernel
137s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 14:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe
Size

199KB
MD5

eb4f2cc80d0e3b2d1e6d665375d244fb
SHA1

9fd6299936fe2b687699f2584063e1d75ea2fd29
SHA256

f934c317df26e718603ea4654d6df08c039cdcf1de14a7495964d9bf9c4f4e05
SHA512

13d6b72e19fbc0ba11d45f8e22d030ddbd108bbd0749bbfa377c0278f29ca45965b1fab180fec86666d42d2fa410fe73e5bf141d185f60f6e7a99c2ef1a29148
SSDEEP

6144:IBLzCqtzgpAbZ9nVW5GJZ2tNYLj8MfsU+CKUc/fyDx:EXCqzgpaFVzYKj86sU+ZUc+

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3264 set thread context of 1872	3264	eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe	91

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1872	eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe
1872	eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe
1872	eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe
1872	eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3264	eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3264 wrote to memory of 1872	3264	eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe	91
PID 3264 wrote to memory of 1872	3264	eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe	91
PID 3264 wrote to memory of 1872	3264	eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe	91
PID 3264 wrote to memory of 1872	3264	eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe	91
PID 3264 wrote to memory of 1872	3264	eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe	91
PID 3264 wrote to memory of 1872	3264	eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe	91
PID 3264 wrote to memory of 1872	3264	eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe	91
PID 1872 wrote to memory of 3316	1872	eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe	57
PID 1872 wrote to memory of 3316	1872	eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe	57
PID 1872 wrote to memory of 3316	1872	eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe	57
PID 1872 wrote to memory of 3316	1872	eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe	57

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3316
- C:\Users\Admin\AppData\Local\Temp\eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3264
- - C:\Users\Admin\AppData\Local\Temp\eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\eb4f2cc80d0e3b2d1e6d665375d244fb_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3944 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:4956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1872-77-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1872-171-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1872-175-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/3264-0-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/3264-1-0x00000000022E0000-0x00000000022E3000-memory.dmp

Filesize
12KB

Download
memory/3264-2-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/3264-4-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/3264-3-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/3264-5-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/3264-6-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/3264-7-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/3264-8-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/3264-10-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/3264-9-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/3264-11-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/3264-12-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/3264-14-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/3264-15-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/3264-16-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/3264-13-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/3264-17-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/3264-18-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/3264-19-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/3264-20-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/3264-21-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/3264-22-0x00000000022D0000-0x00000000022D1000-memory.dmp

Filesize
4KB

Download
memory/3264-23-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/3264-26-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/3264-27-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/3264-28-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/3264-29-0x0000000002B60000-0x0000000002B61000-memory.dmp

Filesize
4KB

Download
memory/3264-31-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/3264-30-0x0000000002280000-0x0000000002281000-memory.dmp

Filesize
4KB

Download
memory/3264-32-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/3264-34-0x0000000002BD0000-0x0000000002BD1000-memory.dmp

Filesize
4KB

Download
memory/3264-33-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/3264-35-0x0000000002BC0000-0x0000000002BC1000-memory.dmp

Filesize
4KB

Download
memory/3264-36-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

Filesize
4KB

Download
memory/3264-38-0x0000000002C10000-0x0000000002C11000-memory.dmp

Filesize
4KB

Download
memory/3264-37-0x0000000002BE0000-0x0000000002BE1000-memory.dmp

Filesize
4KB

Download
memory/3264-39-0x0000000002C00000-0x0000000002C01000-memory.dmp

Filesize
4KB

Download
memory/3264-40-0x0000000002D40000-0x0000000002D41000-memory.dmp

Filesize
4KB

Download
memory/3264-41-0x0000000002D30000-0x0000000002D31000-memory.dmp

Filesize
4KB

Download
memory/3264-42-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/3264-43-0x0000000002D50000-0x0000000002D51000-memory.dmp

Filesize
4KB

Download
memory/3264-44-0x0000000002D80000-0x0000000002D81000-memory.dmp

Filesize
4KB

Download
memory/3264-45-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/3264-46-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

Filesize
4KB

Download
memory/3264-47-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download
memory/3264-48-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/3264-49-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

Filesize
4KB

Download
memory/3264-50-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/3264-52-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/3264-51-0x0000000002DF0000-0x0000000002DF1000-memory.dmp

Filesize
4KB

Download
memory/3264-53-0x0000000002E10000-0x0000000002E11000-memory.dmp

Filesize
4KB

Download
memory/3264-54-0x0000000002E40000-0x0000000002E41000-memory.dmp

Filesize
4KB

Download
memory/3264-55-0x0000000002E30000-0x0000000002E31000-memory.dmp

Filesize
4KB

Download
memory/3264-56-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/3264-57-0x0000000002E50000-0x0000000002E51000-memory.dmp

Filesize
4KB

Download
memory/3264-58-0x0000000002E80000-0x0000000002E81000-memory.dmp

Filesize
4KB

Download
memory/3264-59-0x0000000002E70000-0x0000000002E71000-memory.dmp

Filesize
4KB

Download
memory/3264-60-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/3264-61-0x0000000002E90000-0x0000000002E91000-memory.dmp

Filesize
4KB

Download
memory/3264-62-0x0000000002EC0000-0x0000000002EC1000-memory.dmp

Filesize
4KB

Download
memory/3264-63-0x0000000002EB0000-0x0000000002EB1000-memory.dmp

Filesize
4KB

Download
memory/3264-64-0x0000000002EE0000-0x0000000002EE1000-memory.dmp

Filesize
4KB

Download
memory/3264-65-0x0000000002ED0000-0x0000000002ED1000-memory.dmp

Filesize
4KB

Download
memory/3264-174-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/3316-177-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download