3bed6d98e97f8b66634b21b2b0f4631e1bac07f7302dcbabb4cb30fc5be601c3

General

Target

a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe
Size

2.3MB
MD5

a2d9c40964280fcd9395a0f40b6d8e7e
SHA1

78f06959131df69900b1dacd0d130b12120e93c3
SHA256

3bed6d98e97f8b66634b21b2b0f4631e1bac07f7302dcbabb4cb30fc5be601c3
SHA512

cfd3d047a1fa91533004473f56b4cf2006e078f3cf49b3c5ec6d129f06167fae2254c27bdaeb90e3df562b219134205bddf10f5ecdc1ea758948b8c6ebd885ed
SSDEEP

24576:9pL3lYmPFPJYc+i3PbqqCBPpA6PxRRFK1Ne:9pL+mtPJh+i3D1CzkNe

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 20 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters	a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters	a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service	a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters	a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters	a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service	a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters	a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters	a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service	a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters	a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters	a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Filters	a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service	a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters	a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters	a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Filters	a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLoadDriverPrivilege	4524	a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	4524	a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a2d9c40964280fcd9395a0f40b6d8e7e_JaffaCakes118.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:4524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4524-0-0x00000000028E0000-0x0000000002999000-memory.dmp

Filesize
740KB

Download
memory/4524-2-0x00000000028E0000-0x0000000002999000-memory.dmp

Filesize
740KB

Download
memory/4524-3-0x0000000000402000-0x0000000000403000-memory.dmp

Filesize
4KB

Download
memory/4524-4-0x0000000000400000-0x0000000000CCB000-memory.dmp

Filesize
8.8MB

Download
memory/4524-5-0x0000000000400000-0x0000000000CCB000-memory.dmp

Filesize
8.8MB

Download
memory/4524-6-0x0000000000400000-0x0000000000CCB000-memory.dmp

Filesize
8.8MB

Download
memory/4524-7-0x0000000000400000-0x0000000000CCB000-memory.dmp

Filesize
8.8MB

Download
memory/4524-9-0x00000000028E0000-0x0000000002999000-memory.dmp

Filesize
740KB

Download
memory/4524-10-0x0000000000402000-0x0000000000403000-memory.dmp

Filesize
4KB

Download
memory/4524-11-0x0000000000400000-0x0000000000CCB000-memory.dmp

Filesize
8.8MB

Download

Analysis

Sharing