085a17f7fd720489d471ea1282be4e799e5050f559b1ddf3286b23006b8710d4

Analysis

max time kernel
124s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 00:19

Target

0163cf836bdf5bb9c66885939f05184e_JaffaCakes118.exe
Size

216KB
MD5

0163cf836bdf5bb9c66885939f05184e
SHA1

b3c2131ad4de62c9ce8c62ac80c5a690bf2ef476
SHA256

085a17f7fd720489d471ea1282be4e799e5050f559b1ddf3286b23006b8710d4
SHA512

bd64440b712b89601c73787cec6ce370a69a9b7e79eecfe4a423efc06a9c414cf234746f72e05c3eec6a5713309a8aef5f13956814f696dda75635dd0dd06cfc
SSDEEP

3072:N5o2dyo1RgRDFWuwOO2Cl0RSeGQcBSVcUZmfz2CrvsxbxRl6qWN4TpNawRaItxRZ:fdiDQTOO2ClzbS7mC2vMxR4ZNWfkI7

Score

4^/10

Drops file in Program Files directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Resources.dll	0163cf836bdf5bb9c66885939f05184e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_47.dll	0163cf836bdf5bb9c66885939f05184e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Mail\wab.exe	0163cf836bdf5bb9c66885939f05184e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe	0163cf836bdf5bb9c66885939f05184e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	0163cf836bdf5bb9c66885939f05184e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\elevation_service.exe	0163cf836bdf5bb9c66885939f05184e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\vcruntime140_1.dll	0163cf836bdf5bb9c66885939f05184e_JaffaCakes118.exe

Modifies data under HKEY_USERS 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	0163cf836bdf5bb9c66885939f05184e_JaffaCakes118.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	0163cf836bdf5bb9c66885939f05184e_JaffaCakes118.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Microsoft Games	0163cf836bdf5bb9c66885939f05184e_JaffaCakes118.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Microsoft Games\Age of Empires II: The Conquerors Expansion	0163cf836bdf5bb9c66885939f05184e_JaffaCakes118.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Microsoft Games\Age of Empires II: The Conquerors Expansion\1.0	0163cf836bdf5bb9c66885939f05184e_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Microsoft Games\Age of Empires II: The Conquerors Expansion\1.0\EULA\FIRSTRUN = "1"	0163cf836bdf5bb9c66885939f05184e_JaffaCakes118.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Microsoft Games\Age of Empires II: The Conquerors Expansion\1.0\EULA	0163cf836bdf5bb9c66885939f05184e_JaffaCakes118.exe
Key created	\REGISTRY\USER\.DEFAULT	0163cf836bdf5bb9c66885939f05184e_JaffaCakes118.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3768,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=4116 /prefetch:8
1⤵
PID:1604

memory/4368-0-0x000000000040D000-0x0000000000438000-memory.dmp

Filesize
172KB

Download
memory/4368-1-0x000000000040D000-0x0000000000436000-memory.dmp

Filesize
164KB

Download
memory/4368-2-0x0000000000400000-0x0000000000437388-memory.dmp

Filesize
220KB

Download
memory/4368-3-0x0000000002090000-0x0000000002095000-memory.dmp

Filesize
20KB

Download
memory/4368-4-0x0000000002060000-0x0000000002085000-memory.dmp

Filesize
148KB

Download
memory/4368-5-0x0000000000400000-0x0000000000437388-memory.dmp

Filesize
220KB

Download
memory/4368-6-0x0000000002060000-0x0000000002085000-memory.dmp

Filesize
148KB

Download
memory/4368-8-0x0000000000400000-0x0000000000437388-memory.dmp

Filesize
220KB

Download
memory/4368-7-0x000000000040D000-0x0000000000436000-memory.dmp

Filesize
164KB

Download