c5641118624861ba44060cde9e621b261275e1fbd743592bdd1994c69ef7f37f

Analysis

max time kernel
149s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
28/04/2024, 07:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04b59991e1ac5b0b5fb1273f8d90ce75_JaffaCakes118.exe
Size

450KB
MD5

04b59991e1ac5b0b5fb1273f8d90ce75
SHA1

3670fdad869d5ab59d138aabc56f789fbe8f299e
SHA256

c5641118624861ba44060cde9e621b261275e1fbd743592bdd1994c69ef7f37f
SHA512

fa7789c498a621111b93c2d4a95f98e1736257ab218735b854de371dd3add14538b5504c94194ba571af97777c7fff7ea83cde47ee7ed94583de8818bdae615b
SSDEEP

6144:gs833CnotE7RN8Jqeh5sIgD+U/MsqJwu7Bn6nVIdluqCTX2J/wJ9SqSil:mLtE7RaAeUp+ULMniCluqA2iJ8Vil

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\System-Service = "C:\\Windows\\SYSTEM\\EXPLORER.SCR"	04b59991e1ac5b0b5fb1273f8d90ce75_JaffaCakes118.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SYSTEM\EXPLORER.SCR	04b59991e1ac5b0b5fb1273f8d90ce75_JaffaCakes118.exe
File opened for modification	C:\Windows\SYSTEM\EXPLORER.SCR	04b59991e1ac5b0b5fb1273f8d90ce75_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\04b59991e1ac5b0b5fb1273f8d90ce75_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\04b59991e1ac5b0b5fb1273f8d90ce75_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:4800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Temp\sys32\$$FREE$$ .exe

Filesize
477KB

MD5
0c1d60e8a53738119189f9a486ffa0a2

SHA1
a57ccfb0a8c83327d8d6068f050d917cb4daf38b

SHA256
3c6ec46ca7a5e911905e19bef209811ec3f7ec025ddbced56e38511b7d766236

SHA512
0db17c7e4a068353e84aba53f6764c657d4c39aa3651c3325fa5751ff6605c2c2bb3c0229598b137441e7d6de2ea8aa4b8cc4b8a421ebe4ebf10a6fdc7f924c4

Download Submit
memory/4800-37-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/4800-3-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/4800-4-0x0000000000510000-0x0000000000511000-memory.dmp

Filesize
4KB

Download
memory/4800-2-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/4800-14-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/4800-0-0x0000000000510000-0x0000000000511000-memory.dmp

Filesize
4KB

Download
memory/4800-52-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/4800-69-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/4800-85-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/4800-96-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/4800-112-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/4800-125-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/4800-141-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads