b6cbc586e3222b660f7088c4f4a5e3e2268b9999bb923d824155afbdef24a6d8

Analysis

max time kernel
136s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 22:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8526e0a165aa815460f22d4199f95189_JaffaCakes118.dll
Size

301KB
MD5

8526e0a165aa815460f22d4199f95189
SHA1

b0b5feaff235c6e0fb0c12402b7d9f07148352fb
SHA256

b6cbc586e3222b660f7088c4f4a5e3e2268b9999bb923d824155afbdef24a6d8
SHA512

a52851ed18543ece1e219647582fa3d1b13a401a2a6844fe0a052cdc3943b441377e9d9de0844c9758419ff89e65b5fdbde3e2f0db52e446af9cbd3c9ad8b173
SSDEEP

6144:cvvVfkuAlSzS7iM6VRSGA/vxYM/8I5wGKzMN12lL:cvvVfkuAOiiM6GrCm8GSesl

Score

1^/10

Malware Config

Signatures

Modifies registry class 45 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B8CBAD79-3F1F-481A-BB0C-E7BBD77BDDD1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B8CBAD79-3F1F-481A-BB0C-E7BBD77BDDD1}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ACADF079-CBCD-4032-83F2-FA47C4DB096F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ACADF079-CBCD-4032-83F2-FA47C4DB096F}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8526E0~1.DLL"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B8CBAD79-3F1F-481A-BB0C-E7BBD77BDDD1}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B8CBAD79-3F1F-481A-BB0C-E7BBD77BDDD1}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B8CBAD79-3F1F-481A-BB0C-E7BBD77BDDD1}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ACADF079-CBCD-4032-83F2-FA47C4DB096F}\ = "CLicenseAgent Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ACADF079-CBCD-4032-83F2-FA47C4DB096F}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ACADF079-CBCD-4032-83F2-FA47C4DB096F}\TypeLib\ = "{C7879482-F798-4a74-AF43-E887FBDCED40}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C7879482-F798-4A74-AF43-E887FBDCED40}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B8CBAD79-3F1F-481A-BB0C-E7BBD77BDDD1}\ = "ICOMLicenseAgent"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Licdll.CLicenseAgent\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ACADF079-CBCD-4032-83F2-FA47C4DB096F}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C7879482-F798-4A74-AF43-E887FBDCED40}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C7879482-F798-4A74-AF43-E887FBDCED40}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B8CBAD79-3F1F-481A-BB0C-E7BBD77BDDD1}\TypeLib\ = "{C7879482-F798-4A74-AF43-E887FBDCED40}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B8CBAD79-3F1F-481A-BB0C-E7BBD77BDDD1}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Licdll.CLicenseAgent.1\CLSID\ = "{ACADF079-CBCD-4032-83F2-FA47C4DB096F}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C7879482-F798-4A74-AF43-E887FBDCED40}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C7879482-F798-4A74-AF43-E887FBDCED40}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8526e0a165aa815460f22d4199f95189_JaffaCakes118.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C7879482-F798-4A74-AF43-E887FBDCED40}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B8CBAD79-3F1F-481A-BB0C-E7BBD77BDDD1}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B8CBAD79-3F1F-481A-BB0C-E7BBD77BDDD1}\ = "ICOMLicenseAgent"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B8CBAD79-3F1F-481A-BB0C-E7BBD77BDDD1}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Licdll.CLicenseAgent.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Licdll.CLicenseAgent\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ACADF079-CBCD-4032-83F2-FA47C4DB096F}\ProgID\ = "Licdll.CLicenseAgent.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ACADF079-CBCD-4032-83F2-FA47C4DB096F}\VersionIndependentProgID\ = "Licdll.CLicenseAgent"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C7879482-F798-4A74-AF43-E887FBDCED40}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B8CBAD79-3F1F-481A-BB0C-E7BBD77BDDD1}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B8CBAD79-3F1F-481A-BB0C-E7BBD77BDDD1}\TypeLib\ = "{C7879482-F798-4A74-AF43-E887FBDCED40}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Licdll.CLicenseAgent.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Licdll.CLicenseAgent	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Licdll.CLicenseAgent\CLSID\ = "{ACADF079-CBCD-4032-83F2-FA47C4DB096F}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C7879482-F798-4A74-AF43-E887FBDCED40}\1.0\ = "licdll 1.0 Type Library"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B8CBAD79-3F1F-481A-BB0C-E7BBD77BDDD1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Licdll.CLicenseAgent.1\ = "CLicenseAgent Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ACADF079-CBCD-4032-83F2-FA47C4DB096F}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ACADF079-CBCD-4032-83F2-FA47C4DB096F}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ACADF079-CBCD-4032-83F2-FA47C4DB096F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Licdll.CLicenseAgent\ = "CLicenseAgent Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Licdll.CLicenseAgent\CurVer\ = "Licdll.CLicenseAgent.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C7879482-F798-4A74-AF43-E887FBDCED40}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C7879482-F798-4A74-AF43-E887FBDCED40}\1.0\HELPDIR	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 1076	2332	regsvr32.exe	92
PID 2332 wrote to memory of 1076	2332	regsvr32.exe	92
PID 2332 wrote to memory of 1076	2332	regsvr32.exe	92

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8526e0a165aa815460f22d4199f95189_JaffaCakes118.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\8526e0a165aa815460f22d4199f95189_JaffaCakes118.dll
  2⤵
  - Modifies registry class
  PID:1076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3980 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
1⤵
PID:2932

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads