06a645bbd471553402266e9ce5bbfdaf5c1bce625dc28da1171abc6d1863af39

Analysis

max time kernel
140s
max time network
50s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 19:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
Size

460KB
MD5

03765f4835765700827727f809f3ef1a
SHA1

5afd643ae3b4fced86c13b919e1d13d56217c318
SHA256

06a645bbd471553402266e9ce5bbfdaf5c1bce625dc28da1171abc6d1863af39
SHA512

9fa61ff8e167a607d1029b9d9df35e5da39a021c6818b89730608f36df195f192dbf874de554d1f2c298a6b601b76a49b27781c2fdd48794a4ccf8215c19a2f4
SSDEEP

12288:YQ1sW26Oaj0hS/888888888888W88888888888u2:j1kaj0Ec2

Score

6^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
4124	03765f4835765700827727f809f3ef1a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\03765f4835765700827727f809f3ef1a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\03765f4835765700827727f809f3ef1a_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4124-0-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/4124-1-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download