3598b2b039ee792d286e36cc0bfd70cb32e945557fe6242738c09b7f0d6220f4

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 09:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc75e4bcdb18945f30721cdd3a15ea2c_JaffaCakes118.exe
Size

140KB
MD5

fc75e4bcdb18945f30721cdd3a15ea2c
SHA1

29ecc9811c6e019a273d98e45cffc3c0bc42aff5
SHA256

3598b2b039ee792d286e36cc0bfd70cb32e945557fe6242738c09b7f0d6220f4
SHA512

bc89b03a662014ecea93e675d9278be6e388598959e56acea3fc679cc681670e881590dc8a97e31a4c2b13147b5559ad1f14431cf6732a584003749abddabec9
SSDEEP

3072:EzzIS2PUcbif2XuGp40vbbrMbvT0q8O1cZPzQ7IXMBc+AMP+QfQEhxFyVU70GfdN:Ez8S2PTiuXuGW0jwvP6bQ7yMP+DE827D

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

Processes:

fc75e4bcdb18945f30721cdd3a15ea2c_JaffaCakes118.exe

description ioc process

File created C:\Windows\SysWOW64\mprmsgse.axz fc75e4bcdb18945f30721cdd3a15ea2c_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\mprmsgse.axz	fc75e4bcdb18945f30721cdd3a15ea2c_JaffaCakes118.exe

Modifies registry class 8 IoCs

Processes:

fc75e4bcdb18945f30721cdd3a15ea2c_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38}\dlt = "1713605904"	fc75e4bcdb18945f30721cdd3a15ea2c_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38}\dlnmi = "1713605904"	fc75e4bcdb18945f30721cdd3a15ea2c_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	fc75e4bcdb18945f30721cdd3a15ea2c_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	fc75e4bcdb18945f30721cdd3a15ea2c_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	fc75e4bcdb18945f30721cdd3a15ea2c_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{F9BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38}	fc75e4bcdb18945f30721cdd3a15ea2c_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38}\dlloadtime = "1713605904"	fc75e4bcdb18945f30721cdd3a15ea2c_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38}\mac = "FE-F1-2A-18-05-AF"	fc75e4bcdb18945f30721cdd3a15ea2c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fc75e4bcdb18945f30721cdd3a15ea2c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fc75e4bcdb18945f30721cdd3a15ea2c_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Modifies registry class
PID:4456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4456-0-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/4456-1-0x0000000000710000-0x0000000000740000-memory.dmp

Filesize
192KB

Download
memory/4456-2-0x0000000000740000-0x0000000000742000-memory.dmp

Filesize
8KB

Download
memory/4456-3-0x00000000005F0000-0x00000000005F1000-memory.dmp

Filesize
4KB

Download
memory/4456-4-0x0000000000750000-0x0000000000751000-memory.dmp

Filesize
4KB

Download
memory/4456-6-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/4456-7-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/4456-8-0x0000000000760000-0x0000000000761000-memory.dmp

Filesize
4KB

Download
memory/4456-9-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/4456-10-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/4456-11-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/4456-12-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/4456-13-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/4456-14-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/4456-15-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/4456-16-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download
memory/4456-17-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/4456-18-0x00000000023D0000-0x00000000023D1000-memory.dmp

Filesize
4KB

Download
memory/4456-19-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/4456-20-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/4456-22-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/4456-21-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4456-23-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/4456-24-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4456-25-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/4456-26-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/4456-27-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/4456-28-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/4456-29-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/4456-30-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/4456-31-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/4456-32-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/4456-33-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/4456-34-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/4456-35-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/4456-36-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/4456-37-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/4456-38-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/4456-39-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/4456-40-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/4456-41-0x00000000028B0000-0x00000000028B1000-memory.dmp

Filesize
4KB

Download
memory/4456-42-0x00000000028A0000-0x00000000028A1000-memory.dmp

Filesize
4KB

Download
memory/4456-43-0x00000000028D0000-0x00000000028D1000-memory.dmp

Filesize
4KB

Download
memory/4456-44-0x00000000028C0000-0x00000000028C1000-memory.dmp

Filesize
4KB

Download
memory/4456-45-0x00000000028F0000-0x00000000028F1000-memory.dmp

Filesize
4KB

Download
memory/4456-46-0x00000000028E0000-0x00000000028E1000-memory.dmp

Filesize
4KB

Download
memory/4456-48-0x0000000002900000-0x0000000002901000-memory.dmp

Filesize
4KB

Download
memory/4456-47-0x0000000002910000-0x0000000002911000-memory.dmp

Filesize
4KB

Download
memory/4456-49-0x0000000002930000-0x0000000002931000-memory.dmp

Filesize
4KB

Download
memory/4456-50-0x0000000002920000-0x0000000002921000-memory.dmp

Filesize
4KB

Download
memory/4456-51-0x0000000002950000-0x0000000002951000-memory.dmp

Filesize
4KB

Download
memory/4456-52-0x0000000002940000-0x0000000002941000-memory.dmp

Filesize
4KB

Download
memory/4456-53-0x0000000002970000-0x0000000002971000-memory.dmp

Filesize
4KB

Download
memory/4456-61-0x0000000002C90000-0x0000000002C91000-memory.dmp

Filesize
4KB

Download
memory/4456-62-0x0000000002C80000-0x0000000002C81000-memory.dmp

Filesize
4KB

Download
memory/4456-60-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/4456-59-0x00000000029C0000-0x00000000029C1000-memory.dmp

Filesize
4KB

Download
memory/4456-58-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/4456-57-0x00000000029B0000-0x00000000029B1000-memory.dmp

Filesize
4KB

Download
memory/4456-56-0x0000000002980000-0x0000000002981000-memory.dmp

Filesize
4KB

Download
memory/4456-55-0x0000000002990000-0x0000000002991000-memory.dmp

Filesize
4KB

Download
memory/4456-54-0x0000000002960000-0x0000000002961000-memory.dmp

Filesize
4KB

Download
memory/4456-64-0x00000000029D0000-0x00000000029D1000-memory.dmp

Filesize
4KB

Download
memory/4456-63-0x0000000003340000-0x0000000003341000-memory.dmp

Filesize
4KB

Download
memory/4456-76-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download