c5f06210e64ba8349ca6c550bbf7d4e87acc4fc20c42f8a863c8565da1a9d084

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 14:27

Target

8751dfac2675a05482e59cda14bf3f3e_JaffaCakes118.exe
Size

172KB
MD5

8751dfac2675a05482e59cda14bf3f3e
SHA1

8f632eb293a88bdd6a2dcd4ead0359da0fc66303
SHA256

c5f06210e64ba8349ca6c550bbf7d4e87acc4fc20c42f8a863c8565da1a9d084
SHA512

81b80d12e71bce491d0c334597bfbe8a059e105f9014b53531ad88acee12fd853a819cb1745fd760fb56a671054733ae331aef224c561a2343ca2975d9ce85dc
SSDEEP

3072:AH9X+4qfBJf1KZebYPlbd5QFbp/irLauxyxPS5djYQ/MVCCko3DOsVvajfafAkTJ:AH9X+hfD1KZebYPlbd5QFbp/irLauxya

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\8751dfac2675a05482e59cda14bf3f3e_JaffaCakes118.exe	8751dfac2675a05482e59cda14bf3f3e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\8751dfac2675a05482e59cda14bf3f3e_JaffaCakes118.exe	8751dfac2675a05482e59cda14bf3f3e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\8751dfac2675a05482e59cda14bf3f3e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8751dfac2675a05482e59cda14bf3f3e_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
PID:2080

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact