610fc064ce768e6688dd1cae5153031c3f45d8d55d5a5a9a0c8593af816f0bd7

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-04-2024 05:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f2bf30a25d69fbcffd987bb94a777c2f_JaffaCakes118.exe
Size

13KB
MD5

f2bf30a25d69fbcffd987bb94a777c2f
SHA1

d2e1dc0ee1e2704591d3c6ea1ffb76791f771e5d
SHA256

610fc064ce768e6688dd1cae5153031c3f45d8d55d5a5a9a0c8593af816f0bd7
SHA512

2eda149bd198d4e911d640ea60ff1f71776e7d520cfbebd2445c941cda0ad3736dd442e357af87a31b5a270c97e9a0204c24bc17059f8f6bed88f26ef2914887
SSDEEP

192:jvGb1WEGapxHLuIvBvuNKn0/M81DmuhqFi1eo60PpUwuu:TK8spfvunmdAeoPPp7

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 2 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	f2bf30a25d69fbcffd987bb94a777c2f_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	f2bf30a25d69fbcffd987bb94a777c2f_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1184	f2bf30a25d69fbcffd987bb94a777c2f_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1184	f2bf30a25d69fbcffd987bb94a777c2f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f2bf30a25d69fbcffd987bb94a777c2f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f2bf30a25d69fbcffd987bb94a777c2f_JaffaCakes118.exe"
1⤵
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~!#8A16.tmp

Filesize
11KB

MD5
7845f12d8597a5b077d3636872a88edd

SHA1
3d4d900ed9c2e84af19ce8417baadacbac2e3511

SHA256
50078d5d41b0cdf4c1600fa563d05c6340a8ea04a1e72a658a201dd22ef2afd0

SHA512
7b35394cb1152ec9dbede80daccd07fdf3b58926c78a5efa333cfc9179a109b491848b2bd52d826c9cd2be74cad50b8f691765492053b8bf0e584f79f3db4b88

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#9518.tmp

Filesize
14KB

MD5
77c3b7db3624ae0c6819517eef6a6593

SHA1
34991253a77083ff4cc1ff446b38b063b75df2da

SHA256
b64235f9033b6c4f381f4fd53a2a4051d03737af7f74a83ad34d96471731f21f

SHA512
1440b0c3ae6dd802fa39a7ddb2ed5940e3d385e79421664bb07247a0c8fbbcec4af1718fa53cb242eb5beeeda79a6a0a67037e3a9c9f401f2ea55fb591743d9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#AD32.tmp

Filesize
7KB

MD5
30cdfc292813298d7632b9c7f887add0

SHA1
eeed5fd3b2a91acee1f5c8b2c15f4c0c7a115b8c

SHA256
c8a8585e054dcebac2af7ca2a1e618e731a55c17fe2a7415ce71d52ca23ad28e

SHA512
5ad40011824a1889a808deb23c464809bfba656f06bb00a381a0ebdb38f9ee90407947d17ae6adcea8c4b639989c210a770e5379405436af72f7c94c9b1ec8e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#B112.tmp

Filesize
10KB

MD5
971ada35dce48ad5f98ec58bc9e1c2c3

SHA1
ddbfd100e5dc2eba8cec86b8f01c12e50888d514

SHA256
7b9a9321e04d30ceccf851ef9776dda1ff8e71b2141303d62b6af03e67f09e9d

SHA512
41f31627560950dadc61406aed0898951013ef5d982920d420221afb5953493a4ae85f8498f3b6c94ba5895f176c88d0d578560cf35c0080db91257ac196ecb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#B1FE.tmp

Filesize
13KB

MD5
9327eed19825c225915a5b4f5a8cc3dc

SHA1
326437d7c4f8af88781b1567f1887b283e497e39

SHA256
bb9da07af7fb562be9fb85b0052b0dc37f9bd431c7fd6e643d937221dd4822c3

SHA512
98fba3992c12599a591f0f26830b46e5a8b90cae1430cf6bea23ce560c053789edb99b85b57e3bcabec9c980e01af3cce87b9f5f1c9c8f752b1a097874081251

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#B766.tmp

Filesize
10KB

MD5
341764a7e6886338abcb0a20c8c9f6d0

SHA1
c57f672d5b318f22f8495eb48730583e3a835e0b

SHA256
ee7514b4fce89134097969d4240b0b6c94c04d8a9e9a0bd238154320ce3990bb

SHA512
3cd317aedc91ccea2e88374d30c7fcc9c85cc506d2e1c7e0ce7df90c6e24f4dd26142a4de0b4b01aa633cc10dbd9e5b5fbac76eaf9bfc8ae1566287f7de4e3f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#B99C.tmp

Filesize
18KB

MD5
44ffe44437acea808c3d015350e9881d

SHA1
c962a9526f6e6e598c51ad294e28ef5666703cce

SHA256
cacb8ba6669157771013e6ec4d8148d8584a4d797776077c072b0b765502657b

SHA512
7d17868f7630e27bd4eaca411a494ab51d0e7c8de444b5bd8b33de7a5c182a59e334c9182853f777e7cc5750656a0348ca4fbe9f80bb7fd950ae9e2063020a91

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#BCAF.tmp

Filesize
10KB

MD5
9b99f68033ce8f97ac83492605bbd5d5

SHA1
da1aec2fbc680f6ee6f7efebcbb8607ab0d3ffa4

SHA256
b2b7a6aa91689937f286c664fa797c4b68dbe5732acfbd3230d063692ae3a44e

SHA512
cfe250691e7c8fd09fe0736646a68dbfcd3a4f264b4c5a726c0843a714d17729247f22bb3cfcb9b2174d21603ec18220268c9c564d25866cdca4780599946cf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#C10D.tmp

Filesize
9KB

MD5
4da64a276b11b81fd1d7c362ef3b6ca3

SHA1
4344442360dac845a8eb36f234fe1a4a6593a278

SHA256
20d02dc0efcece138b7ddcd4f3f01923ca108fde4519c0eb5bc9a19ec11aff44

SHA512
04d6c180b73862cca735931354b250ad5edf1fca36e1cb71a915dcfd77ae27151c098b3b5890e1391dde573c680639217c8d906aee1a71e69b64e2f7c404f4c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#C2C6.tmp

Filesize
4KB

MD5
f153d58b40f9786b2e75775c66a7545f

SHA1
dadb697e34ecfd6c37bd6f5ed3d4d3dddd95dbb9

SHA256
2e676950fb8e7b569e05b545771c63c5dc8e301940d65bd5033b8e26b1ec4c04

SHA512
553bc29a768d92e24a855c9604b36f4b7e19c436ee7b60e971f9bb89c59c3e20c2f6e7287b8adced335b5c6799a371969d56a16c39cfa9f6bb2ede70e7949972

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#C762.tmp

Filesize
12KB

MD5
3a953fc576a9c9ef7a891d31a5e7452a

SHA1
6ae2ab43b28612c2712be7a4ba50074efd358c60

SHA256
489be193ffc84903d3727e964d88aaf07af6b1255920bcb829f09fec62a1403b

SHA512
2dcaec93f1a9a49b60047c36595e69d4346955ef1e79d74806fa0bcc36cf975f823c9371f7aa6691091d52c47f92726af3f6f0bf9be041a76c5f023e1c7fb307

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#CBBF.tmp

Filesize
20KB

MD5
724bc5f333a5f583c972972d6f9722d4

SHA1
99940c70197aa902e585294744d4ae8556e3e201

SHA256
14cff447414941f6b735e224c2eccab61dbc1907cb6a7b955064c052c6ec8eee

SHA512
38a13b9db304ce2ba14696ead0dbdbab7aaef02f3205c7cf876a9a100bbc6b748985dfb6a401dfc5462af73c11fe11aa45dddbf61a12aa088079cd8a513c15a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#CC2D.tmp

Filesize
13KB

MD5
70c7be5b8b96458546224a6c6b7b20a2

SHA1
464c60f4d62a309729d19fac68556d8a9768ddf1

SHA256
d8031d4b4ded9c20eb41d13faed4229bf245b5de1f3ec62c3a0bbd36f2fd4ad5

SHA512
f7540f1698684f9a2db1c3b1454b682d01fed3752245a614be79c0f7bc692a70fe8c1f0e5adf3a8c3191cd819ef17652ab70d98f662f9623fba2bc18204a1b22

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#CC9C.tmp

Filesize
4KB

MD5
f887ad830ae23aa49e58deaffd00b784

SHA1
33b9a142a66440f3f031ad204e3497ee8702d1a0

SHA256
bc0be93a80e956ac273987158e683ff81466677b0e0cbe459c0b72aada2d3c78

SHA512
1b70c91b4775a0f959b2f87973be5fda33b889f1d2d7b359d72af0617a6df488507e5cebf270dbd66993ea2438d1cf1345f3e3eebc8be4bc13fec50d6f55dc01

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#D33E.tmp

Filesize
11KB

MD5
4cc04d79fa1893dc60e7c1b3df05894a

SHA1
1bcc75c0ce5181527129ace000a694fc4f0bba75

SHA256
2cae27eda1ffbf9c0edddd265308f6be76a1a0c4b1b0627de50c270ed8fbaa3b

SHA512
d5d6a4518f5f9047576b701b40bce14a2bbb6c936067b356d0b3d54249a24280d47c63c61a5f47423718fd12e3f8e9aba1763cde7db8ef964849bea61cac11a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#D915.tmp

Filesize
4KB

MD5
f6cf7394802b5ef61f0edf4b9eaacba3

SHA1
cf23b1601cae146c94aab4fed4e3cab5cf2eee4e

SHA256
b20b5f4f74ec6680f186ec0a107dc33f0243dd2fccfb8bc76b9e5858d67970a5

SHA512
50f5d498f49b1951b14273e13baaa4949166bafa9910be8fbcdd2f602469bbffd3dc7a6a63996c1c06ede5a0ce4c1419636149e1e3d7766d71c18b239dc8f92a

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#DC28.tmp

Filesize
12KB

MD5
281bdee589394fc6a8094613942a0457

SHA1
3041233e3014542501608aa079982232eb584a79

SHA256
5c6d2bd890bbfbf248bb8aa029525213d26911704822eff1625018a11355e413

SHA512
75c3148114e926984a99ef4f219d5e1b037d5f54c066ab5a5c5508eb8947d5c464eb3d1cf47331a0ddbd0b0e57e88647235da2405b0923cc6ec2dbe9f5f5845b

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#DDF1.tmp

Filesize
12KB

MD5
45a2aebb65e1283324041c3cf6e63d76

SHA1
9927b39f89e5d9e4802bd774bb60c50f5d0f2b52

SHA256
660fde3f4e84a59d5e46f28ae4f1cf6ba7dd311099979d943508157f23523e40

SHA512
1112d82d37971fffa519c2fa3713b6076019cf62c7639d47aebc0ab1ade34bd48d5267a83291c11c6d1a2a5bc0a23b69643b0e57a98bbbcb56a2cd1adb61e32b

Download Submit
memory/1184-147-0x0000000000030000-0x0000000000032000-memory.dmp

Filesize
8KB

Download
memory/1184-0-0x0000000000030000-0x0000000000032000-memory.dmp

Filesize
8KB

Download