4c7a6ab5aa1e5421f4f0f3ce05496d7f4e67993df7971b3aae7ddcbaac081549

General

Target

0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe
Size

152KB
MD5

0501406e5725be54bc22fb8eef02345c
SHA1

2e31f6de0aebc88d04d9d73a93fe4cbf8fa55e88
SHA256

4c7a6ab5aa1e5421f4f0f3ce05496d7f4e67993df7971b3aae7ddcbaac081549
SHA512

7288e87595b64531174237bbf28f593ba45f659078c92c9c65318b772ea870fc5db0b5f92713863eada07d0e633db11a57e4cc36b36b7458c2c8f5975341c3a7
SSDEEP

3072:fl3pY9fMu1FySGYUFr2AlM5oPZIS7rwdV6A1h4J1XjnsG7ZD75VBejc3ZvW39ndp:93poFyCAlKw7wr1E1znsGjVBejc3Z+3d

Score

7^/10

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\PCGWIN32.LI5	0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\{3B711F19-E12272C3-19D3664A-D2130DBD}	0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\{3B711F19-E12272C3-19D3664A-D2130DBD}\ = 8dd23deaafde86ac33497988c00a4ed735ad0c14142f51ca90ef51d528138de677b24d0f282a972f52b56930cc75f47fcf7a158793d25e90e5d7efddeae708fd7538fc8106134de6748c8d35eb0c711570e00f2e95f5ec7396c65d839841e384d93020b981c42fb015cd10d7af1dd5a4a0209a315978a4832ceeb7748d4f4b2a96a9d2cbe14e67d5e2d391599ba099f658f3db79a1bcc4c5229f375a7205691667cc066863d3b659826427c0926d96d492d2e756cde33489835009a1741b3de607bc520591cc98b7220d5f341a0c27b51d0f64caa1a960cf556a10b79dbde77882bb40fec3c491525c99a7a73d2dc474b20d31d40052d356ee1daaa4cf43d57e13c596df12dad1de6c1a15a1231f3e1abb200191746b01511f2c1aab9976230309b914bcddba67c6123311f6d0cd54f7e17db4474e526aaf11359cb0a6bc9d781b819ec7dba2d9581fdfdaa5a69323d6e6dcfc1b455e6cda57df5da5e4fc00f8ff0485b17c3bb9c63f4dfa28802cfd153ba006365d32e7c9320f414a3069f3eb4e2e552b5c895ad09f6265917c6379c980ac41d6105d95e49ffc6587a0fd1e389a41a724dd5f5b6566bc333846479d42d8699a77a6b2fd30fb82418fa0f5ba0c062b43cec6d5039ffe25446cd33791c2606e93746e3dd5845f901a691974187ea285f76f8d2ab4af72b5f8807b40c68b9c49e7cb5d6ee70bc2ce7e2ac5ef7f757ac0394e872bf20e76eb8351992c1b6b99f69c729aa9ccb8b1cd559563715295236c9262882a6a6353802d089779d3d457c188b5a3d5abb077bfabf01038c28d88f7d6102d12f4d7cd1db7a4c20cf80bf86ec6ab63ce6eaa4bc95117a82d12a8a6549d50a7e91d2fe4eafe7084c743828e80d5c2ef317538bcbac6ffe385315c74dbffa605523c6679c3fbd9069f7d1a381fc51a20987f197a1cc71b4d99f7e4b2a0807347fea2856fa3eac98ee8eb085188eb158e5cb4648e6deb881128dca9e48bde511b94ded2a597c3ad16681deb58519fdba5e620a29d08a769d23416c16d1f349a43209e0f9a3567b0b232c931cb445183dc915a6c19771c4d1bd45edca5e4933f19ba603ed17b2c062b4df6b43df3b871c5b88f87952de06804cfdf15a5e01c44d9eddf6b5a6e59f564339f0e25abc0e955485cb32576ecc30a516fe36ac6e85c759b30a636f24d405463e01e099a309f73e5ce2cea4991102b29160853b4ae3dcb387105b4e08142df1f1a1a59e1243c0dc5746fb3ea816ef80b7a56bfddba24003d6fb82a38d73b623e69bb487e703bffb9c5c0af904a91e957f392ce10d4e91c8cd9369fcd1ad7279df22431efbc8a3a5607a33249890854971fddda98de66a4b31331e67cb34579bc7b7bfe7ec43bf07efcbb47f972473fa2ba907ee93b53869ea29b80e11f24da63e02ebf2b054eecb5f48f4c35ab4069d90863b72e8d2bb7110254d751dd9ca4da3e58c5639f3e2545707c3d8738123b5f861a126119b064b89f42a5bf1305a1507815c31fbe1a7aa7871d7d27fbf27ef0c5bdaffbaaf97000b1ff37faf2be4f040a4fc9caef70b545400caf962ad38959abdbf6a63cbc7984c021e2f44eb1f5434f790afc4fc68acc89d6132d56d41da11823ddde27e4f27e4044db019ecca40be28ec1d50fa34ade3124483c71b9447b5241a9104be74e520b199123ac06d4bd5cc765b220be9045db8ca13488bda8fbf6befdc407dc62e5c1efdb359efce484de0fdb2a211783e25e26dbcda6ab52569fa3657e2cc5f743cd2eb4d53cef384afb4fc10a80f1164f232a1931a4006e980be78e4dd488ad6a77c8c24fc6eacce8d49313d1ee10eb57f1224b11512c14ebad4954f411b1d88f2295d7605ddd245b3d1ec4e54ee3f57673837ea1c47c21bb20fe63c4f662f2d1465b935ed1e4a8018a544f5dea985018dea19b83e1915450dfd9a55bdc1e64db8de1b75c3da5bb7c463b0dfe48c491aea05520ec65d62ced350b0f76aacd3637c332b677fccd39e83c6c79d7f85dc018936311de205a182199505bed1e77e572d33f9e8524d00ca82ba9ce5315d9ac600811712f082a4bf7b632fdffbb45c600fc1f06259d7c2787e2a2a7c0fd527851ffdc8558b019482495135fa91af4997edbfaa6bf4c85b5bf33fab1c68042a8b92afbefc6951c6c5957e012c0e7704dc34b99169bddde582419c3dcd918a4a63c5d79243c713bb4fe4f7a2af96f7fea7a09c1102ba54e5c0b65363c3d8578a3859173237eb67bbcc6843d00c469bf300509302c7995fc5cf85b852623935651e363791e3ce50510009da5d803e43e1c0599701f491a8c6116e893cee174efb1cab3eece2a6a91a9d7f092bca045c2d027d4c2d1a1d3ff217aa4f9e0c3934999b49bce19cb5c69e7e84db528433786c27c5839e5bc43fa567fd3ba59b8e303a6e6ecfc29472c62967913bc6e0454d153a456c2e327c1e2c0e7e2fd58079fd265ae100bd1f618bde13b7f063a3c07b93d0384f64c837439033bde3e5b852603dd191be099d81cd859631c5e1b5b5e595bdcdee664fc3d05c460e2eebf0b052eecb4e8c14e5774a243767e33c5f6c3fccebb0a01aefc15c4204cd1762c3395b6dcb2da4f184a9968e397b65dc224f641fd80fb9a39dfc4259e7025f3e0f995471ff25ab0e7804df9343f413a947f5fc51ae09f5265e920b0a9beb384816fcc8a1469ddc8e74cdd1764d2afde95655cac9b6926086dd728ed57b76d02743171fcb0c533cf8e1574a00f306af3e9466f5d6a64097250bfa745dd1c6799429befa63512006145c8b036880274b7430d1e145b2e66957d1f84daeca7950def2bf5f60c3c8b8529c3d0965aa221be10455b80a6104ce577b3023e80fbedbe4b7ab687827d5804a5b32fc14a982f6015992c1ff5a54f4cea37ae426ba9ae500a1f8f5a95a19f905a18a7a32d89946cd095d0d0d1d2e3682989c8efe8caa976178d528817e8e24c4fb70abdcfc4f5524f6775124c67754dcc7409bdf0077a82fff045c82ccd5717a252b917c72d7d7478813f4c8537c0b2b4404f44eaed89eb57b1a20c00d5eb9cb624025300ee31548c1de818add94b5bf61ecc1bf619c264174192a4ef02f5d93f98fa1cfedb85e1335b06595364a66fedea7711b2d4ff9185637c41fbc0f9ca84ae7e2bbb0ec13584fc9c46a4ede3b4298e30b48173cb86562c93d7665df324493f103ad7c1226bbf16052d1f28da6bd86edeeb65697c143bdf861aa2e78e92145ead64abff69c590b3224667fd62844fa28afe2ec5f50f8c6a36eff3d5c1636bb669c24cf1573fa27a1f3f5a7a6081adb36b464e5d0b24569f5de564acad8aebb0b63bb286beb204b88dffcb05e9e0c8e4e8dc561993a491f35b8166b76df2f430c03b957e5fc49af1184765b240bfa5c53c4f874a7d2fc44a90719cbc99051b706633f34679bd40bb3d01b8af82aa86d63d5cb85978d8c51adf27a5920cd0c999a8670ef255b6ec4d3468f3f7b1cd78b4797ef8fb3fc13acfbff5057ce0b98abbd73e5d85a473700e0175c0f0d07eaf0535300f0f0a4a8f7115845cdf5b65668ca3b7e1cd5b08660dcdc86b29c9548c51a8a45500d0e9a04fd575234c364bb3f631c23f993a1bf9e6048cdd69677002c741cd8888aa4ae9d70bed76	0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\{3B711F19-E12272C3-19D3664A-D2130DBD}\ = 1dfa6882afde86ac33497988c00a4ed735ad0c14142f51ca90ef51d528138de677b24d0f282a972f52b56930cc75f47fcf7a158793d25e90e5d7efddeae708fd7538fc8106134de6748c8d35eb0c711570e00f2e95f5ec7396c65d839841e384d93020b981c42fb015cd10d7af1dd5a4a0209a315978a4832ceeb7748d4f4b2a96a9d2cbe14e67d5e2d391599ba099f658f3db79a1bcc4c5229f375ab2a130f060cc066863d3b659826427c0926d96d492d2e756cde33489835009a1741b3de607bc520591cc98b7220d5f341a0c27b51d0f64caa1a960cf556a10b79dbde77882bb40fec3c491525c99a7a73d2dc474b20d31d40052d356ee1daaa4cf43d57e13c596df12dad1de6c1a15a1231f3e1abb200191746b01511f2c1aab9976230309b914bcddba67c6123311f6d0cd54f7e17db4474e526aaf11359cb0a6bc9d781b819ec7dba2d9581fdfdaa5a69323d6e6dcfc1b455e6cda57df5da5e4fc00f8ff0485b17c3bb9c63f4dfa28802cfd153ba006365d32e7c9320f414a3069f3eb4e2e552b5c895ad09f6265917c6379c980ac41d6105d95e49ffc6587a0fd1e389a41a724dd5f5b6566bc333846479d42d8699a77a6b2fd30fb82418fa0f5ba0c062b43cec6d5039ffe25446cd33791c2606e93746e3dd5845f901a691974187ea285f76f8d2ab4af72b5f8807b40c68b9c49e7cb5d6ee70bc2ce7e2ac5ef7f757ac0394e872bf20e76eb8351992c1b6b99f69c729aa9ccb8b1cd559563715295236c9262882a6a6353802d089779d3d457c188b5a3d5abb077bfabf01038c28d88f7d6102d12f4d7cd1db7a4c20cf80bf86ec6ab63ce6eaa4bc95117a82d12a8a6549d50a7e91d2fe4eafe7084c743828e80d5c2ef317538bcbac6ffe385315c74dbffa605523c6679c3fbd9069f7d1a381fc51a20987f197a1cc71b4d99f7e4b2a0807347fea2856fa3eac98ee8eb085188eb158e5cb4648e6deb881128dca9e48bde511b94ded2a597c3ad16681deb58519fdba5e620a29d08a769d23416c16d1f349a43209e0f9a3567b0b232c931cb445183dc915a6c19771c4d1bd45edca5e4933f19ba603ed17b2c062b4df6b43df3b871c5b88f87952de06804cfdf15a5e01c44d9eddf6b5a6e59f564339f0e25abc0e955485cb32576ecc30a516fe36ac6e85c759b30a636f24d405463e01e099a309f73e5ce2cea4991102b29160853b4ae3dcb387105b4e08142df1f1a1a59e1243c0dc5746fb3ea816ef80b7a56bfddba24003d6fb82a38d73b623e69bb487e703bffb9c5c0af904a91e957f392ce10d4e91c8cd9369fcd1ad7279df22431efbc8a3a5607a33249890854971fddda98de66a4b31331e67cb34579bc7b7bfe7ec43bf07efcbb47f972473fa2ba907ee93b53869ea29b80e11f24da63e02ebf2b054eecb5f48f4c35ab4069d90863b72e8d2bb7110254d751dd9ca4da3e58c5639f3e2545707c3d8738123b5f861a126119b064b89f42a5bf1305a1507815c31fbe1a7aa7871d7d27fbf27ef0c5bdaffbaaf97000b1ff37faf2be4f040a4fc9caef70b545400caf962ad38959abdbf6a63cbc7984c021e2f44eb1f5434f790afc4fc68acc89d6132d56d41da11823ddde27e4f27e4044db019ecca40be28ec1d50fa34ade3124483c71b9447b5241a9104be74e520b199123ac06d4bd5cc765b220be9045db8ca13488bda8fbf6befdc407dc62e5c1efdb359efce484de0fdb2a211783e25e26dbcda6ab52569fa3657e2cc5f743cd2eb4d53cef384afb4fc10a80f1164f232a1931a4006e980be78e4dd488ad6a77c8c24fc6eacce8d49313d1ee10eb57f1224b11512c14ebad4954f411b1d88f2295d7605ddd245b3d1ec4e54ee3f57673837ea1c47c21bb20fe63c4f662f2d1465b935ed1e4a8018a544f5dea985018dea19b83e1915450dfd9a55bdc1e64db8de1b75c3da5bb7c463b0dfe48c491aea05520ec65d62ced350b0f76aacd3637c332b677fccd39e83c6c79d7f85dc018936311de205a182199505bed1e77e572d33f9e8524d00ca82ba9ce5315d9ac600811712f082a4bf7b632fdffbb45c600fc1f06259d7c2787e2a2a7c0fd527851ffdc8558b019482495135fa91af4997edbfaa6bf4c85b5bf33fab1c68042a8b92afbefc6951c6c5957e012c0e7704dc34b99169bddde582419c3dcd918a4a63c5d79243c713bb4fe4f7a2af96f7fea7a09c1102ba54e5c0b65363c3d8578a3859173237eb67bbcc6843d00c469bf300509302c7995fc5cf85b852623935651e363791e3ce50510009da5d803e43e1c0599701f491a8c6116e893cee174efb1cab3eece2a6a91a9d7f092bca045c2d027d4c2d1a1d3ff217aa4f9e0c3934999b49bce19cb5c69e7e84db528433786c27c5839e5bc43fa567fd3ba59b8e303a6e6ecfc29472c62967913bc6e0454d153a456c2e327c1e2c0e7e2fd58079fd265ae100bd1f618bde13b7f063a3c07b93d0384f64c837439033bde3e5b852603dd191be099d81cd859631c5e1b5b5e595bdcdee664fc3d05c460e2eebf0b052eecb4e8c14e5774a243767e33c5f6c3fccebb0a01aefc15c4204cd1762c3395b6dcb2da4f184a9968e397b65dc224f641fd80fb9a39dfc4259e7025f3e0f995471ff25ab0e7804df9343f413a947f5fc51ae09f5265e920b0a9beb384816fcc8a1469ddc8e74cdd1764d2afde95655cac9b6926086dd728ed57b76d02743171fcb0c533cf8e1574a00f306af3e9466f5d6a64097250bfa745dd1c6799429befa63512006145c8b036880274b7430d1e145b2e66957d1f84daeca7950def2bf5f60c3c8b8529c3d0965aa221be10455b80a6104ce577b3023e80fbedbe4b7ab687827d5804a5b32fc14a982f6015992c1ff5a54f4cea37ae426ba9ae500a1f8f5a95a19f905a18a7a32d89946cd095d0d0d1d2e3682989c8efe8caa976178d528817e8e24c4fb70abdcfc4f5524f6775124c67754dcc7409bdf0077a82fff045c82ccd5717a252b917c72d7d7478813f4c8537c0b2b4404f44eaed89eb57b1a20c00d5eb9cb624025300ee31548c1de818add94b5bf61ecc1bf619c264174192a4ef02f5d93f98fa1cfedb85e1335b06595364a66fedea7711b2d4ff9185637c41fbc0f9ca84ae7e2bbb0ec13584fc9c46a4ede3b4298e30b48173cb86562c93d7665df324493f103ad7c1226bbf16052d1f28da6bd86edeeb65697c143bdf861aa2e78e92145ead64abff69c590b3224667fd62844fa28afe2ec5f50f8c6a36eff3d5c1636bb669c24cf1573fa27a1f3f5a7a6081adb36b464e5d0b24569f5de564acad8aebb0b63bb286beb204b88dffcb05e9e0c8e4e8dc561993a491f35b8166b76df2f430c03b957e5fc49af1184765b240bfa5c53c4f874a7d2fc44a90719cbc99051b706633f34679bd40bb3d01b8af82aa86d63d5cb85978d8c51adf27a5920cd0c999a8670ef255b6ec4d3468f3f7b1cd78b4797ef8fb3fc13acfbff5057ce0b98abbd73e5d85a473700e0175c0f0d07eaf0535300f0f0a4a8f7115845cdf5b65668ca3b7e1cd5b08660dcdc86b29c9548c51a8a45500d0e9a04fd575234c364bb3f631c23f993a1bf9e6048cdd69677002c741cd8888aa4ae9d70bed76	0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\{D50DBC70-EDF2330C-38FF8F7C}	0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\{D50DBC70-EDF2330C-38FF8F7C}\ = "2537284957"	0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\{3B711F19-E12272C3-19D3664A-D2130DBD}\ = dd46573aafde86ac33497988c00a4ed735ad0c1449ca6a5d90ef51d528138de677b24d0f282a972f52b56930cc75f47fcf7a158793d25e90e5d7efddeae708fd7538fc8106134de6748c8d35eb0c711570e00f2e95f5ec7396c65d839841e384d93020b981c42fb015cd10d7af1dd5a4a0209a315978a4832ceeb7748d4f4b2a96a9d2cbe14e67d5e2d391599ba099f658f3db79a1bcc4c5229f375ab2a130f060cc066863d3b659826427c0926d96d492d2e756cde33489835009a1741b3de607bc520591cc98b7220d5f341a0c27b51d0f64caa1a960cf556a10b79dbde77882bb40fec3c491525c99a7a73d2dc474b20d31d40052d356ee1daaa4cf43d57e13c596df12dad1de6c1a15a1231f3e1abb200191746b01511f2c1aab9976230309b914bcddba67c6123311f6d0cd54f7e17db4474e526aaf11359cb0a6bc9d781b819ec7dba2d9581fdfdaa5a69323d6e6dcfc1b455e6cda57df5da5e4fc00f8ff0485b17c3bb9c63f4dfa28802cfd153ba006365d32e7c9320f414a3069f3eb4e2e552b5c895ad09f6265917c6379c980ac41d6105d95e49ffc6587a0fd1e389a41a724dd5f5b6566bc333846479d42d8699a77a6b2fd30fb82418fa0f5ba0c062b43cec6d5039ffe25446cd33791c2606e93746e3dd5845f901a691974187ea285f76f8d2ab4af72b5f8807b40c68b9c49e7cb5d6ee70bc2ce7e2ac5ef7f757ac0394e872bf20e76eb8351992c1b6b99f69c729aa9ccb8b1cd559563715295236c9262882a6a6353802d089779d3d457c188b5a3d5abb077bfabf01038c28d88f7d6102d12f4d7cd1db7a4c20cf80bf86ec6ab63ce6eaa4bc95117a82d12a8a6549d50a7e91d2fe4eafe7084c743828e80d5c2ef317538bcbac6ffe385315c74dbffa605523c6679c3fbd9069f7d1a381fc51a20987f197a1cc71b4d99f7e4b2a0807347fea2856fa3eac98ee8eb085188eb158e5cb4648e6deb881128dca9e48bde511b94ded2a597c3ad16681deb58519fdba5e620a29d08a769d23416c16d1f349a43209e0f9a3567b0b232c931cb445183dc915a6c19771c4d1bd45edca5e4933f19ba603ed17b2c062b4df6b43df3b871c5b88f87952de06804cfdf15a5e01c44d9eddf6b5a6e59f564339f0e25abc0e955485cb32576ecc30a516fe36ac6e85c759b30a636f24d405463e01e099a309f73e5ce2cea4991102b29160853b4ae3dcb387105b4e08142df1f1a1a59e1243c0dc5746fb3ea816ef80b7a56bfddba24003d6fb82a38d73b623e69bb487e703bffb9c5c0af904a91e957f392ce10d4e91c8cd9369fcd1ad7279df22431efbc8a3a5607a33249890854971fddda98de66a4b31331e67cb34579bc7b7bfe7ec43bf07efcbb47f972473fa2ba907ee93b53869ea29b80e11f24da63e02ebf2b054eecb5f48f4c35ab4069d90863b72e8d2bb7110254d751dd9ca4da3e58c5639f3e2545707c3d8738123b5f861a126119b064b89f42a5bf1305a1507815c31fbe1a7aa7871d7d27fbf27ef0c5bdaffbaaf97000b1ff37faf2be4f040a4fc9caef70b545400caf962ad38959abdbf6a63cbc7984c021e2f44eb1f5434f790afc4fc68acc89d6132d56d41da11823ddde27e4f27e4044db019ecca40be28ec1d50fa34ade3124483c71b9447b5241a9104be74e520b199123ac06d4bd5cc765b220be9045db8ca13488bda8fbf6befdc407dc62e5c1efdb359efce484de0fdb2a211783e25e26dbcda6ab52569fa3657e2cc5f743cd2eb4d53cef384afb4fc10a80f1164f232a1931a4006e980be78e4dd488ad6a77c8c24fc6eacce8d49313d1ee10eb57f1224b11512c14ebad4954f411b1d88f2295d7605ddd245b3d1ec4e54ee3f57673837ea1c47c21bb20fe63c4f662f2d1465b935ed1e4a8018a544f5dea985018dea19b83e1915450dfd9a55bdc1e64db8de1b75c3da5bb7c463b0dfe48c491aea05520ec65d62ced350b0f76aacd3637c332b677fccd39e83c6c79d7f85dc018936311de205a182199505bed1e77e572d33f9e8524d00ca82ba9ce5315d9ac600811712f082a4bf7b632fdffbb45c600fc1f06259d7c2787e2a2a7c0fd527851ffdc8558b019482495135fa91af4997edbfaa6bf4c85b5bf33fab1c68042a8b92afbefc6951c6c5957e012c0e7704dc34b99169bddde582419c3dcd918a4a63c5d79243c713bb4fe4f7a2af96f7fea7a09c1102ba54e5c0b65363c3d8578a3859173237eb67bbcc6843d00c469bf300509302c7995fc5cf85b852623935651e363791e3ce50510009da5d803e43e1c0599701f491a8c6116e893cee174efb1cab3eece2a6a91a9d7f092bca045c2d027d4c2d1a1d3ff217aa4f9e0c3934999b49bce19cb5c69e7e84db528433786c27c5839e5bc43fa567fd3ba59b8e303a6e6ecfc29472c62967913bc6e0454d153a456c2e327c1e2c0e7e2fd58079fd265ae100bd1f618bde13b7f063a3c07b93d0384f64c837439033bde3e5b852603dd191be099d81cd859631c5e1b5b5e595bdcdee664fc3d05c460e2eebf0b052eecb4e8c14e5774a243767e33c5f6c3fccebb0a01aefc15c4204cd1762c3395b6dcb2da4f184a9968e397b65dc224f641fd80fb9a39dfc4259e7025f3e0f995471ff25ab0e7804df9343f413a947f5fc51ae09f5265e920b0a9beb384816fcc8a1469ddc8e74cdd1764d2afde95655cac9b6926086dd728ed57b76d02743171fcb0c533cf8e1574a00f306af3e9466f5d6a64097250bfa745dd1c6799429befa63512006145c8b036880274b7430d1e145b2e66957d1f84daeca7950def2bf5f60c3c8b8529c3d0965aa221be10455b80a6104ce577b3023e80fbedbe4b7ab687827d5804a5b32fc14a982f6015992c1ff5a54f4cea37ae426ba9ae500a1f8f5a95a19f905a18a7a32d89946cd095d0d0d1d2e3682989c8efe8caa976178d528817e8e24c4fb70abdcfc4f5524f6775124c67754dcc7409bdf0077a82fff045c82ccd5717a252b917c72d7d7478813f4c8537c0b2b4404f44eaed89eb57b1a20c00d5eb9cb624025300ee31548c1de818add94b5bf61ecc1bf619c264174192a4ef02f5d93f98fa1cfedb85e1335b06595364a66fedea7711b2d4ff9185637c41fbc0f9ca84ae7e2bbb0ec13584fc9c46a4ede3b4298e30b48173cb86562c93d7665df324493f103ad7c1226bbf16052d1f28da6bd86edeeb65697c143bdf861aa2e78e92145ead64abff69c590b3224667fd62844fa28afe2ec5f50f8c6a36eff3d5c1636bb669c24cf1573fa27a1f3f5a7a6081adb36b464e5d0b24569f5de564acad8aebb0b63bb286beb204b88dffcb05e9e0c8e4e8dc561993a491f35b8166b76df2f430c03b957e5fc49af1184765b240bfa5c53c4f874a7d2fc44a90719cbc99051b706633f34679bd40bb3d01b8af82aa86d63d5cb85978d8c51adf27a5920cd0c999a8670ef255b6ec4d3468f3f7b1cd78b4797ef8fb3fc13acfbff5057ce0b98abbd73e5d85a473700e0175c0f0d07eaf0535300f0f0a4a8f7115845cdf5b65668ca3b7e1cd5b08660dcdc86b29c9548c51a8a45500d0e9a04fd575234c364bb3f631c23f993a1bf9e6048cdd69677002c741cd8888aa4ae9d70bed76	0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2980	0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 1180	2980	0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe	21
PID 2980 wrote to memory of 1180	2980	0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe	21
PID 2980 wrote to memory of 1180	2980	0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe	21
PID 2980 wrote to memory of 1180	2980	0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe	21
PID 2980 wrote to memory of 1180	2980	0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe	21
PID 2980 wrote to memory of 1180	2980	0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe	21

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1180
- C:\Users\Admin\AppData\Local\Temp\0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\0501406e5725be54bc22fb8eef02345c_JaffaCakes118.exe"
  2⤵
  - Checks BIOS information in registry
  - Maps connected drives based on registry
  - Drops file in Windows directory
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\PCGWIN32.LI5

Filesize
2KB

MD5
ee61c042604a35e970f976c3ebc9aa45

SHA1
a118dbc258987075cc1ee30d1bca6588487f636f

SHA256
69d82859b54c079af7b578e0d4956375a2771b951d3da2f17d067d2baac94e32

SHA512
6bbeaad9c5ffad3a702b6ac73c7a9ce32514b2ce466976e5e6bc8c72dbe400a60e31f3e26f1d882d1b1001f461651177a36cc6d8185b59a561d76fcdb688e45b

Download Submit
memory/1180-13-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

Filesize
4KB

Download
memory/1180-20-0x000000007EFC0000-0x000000007EFC6000-memory.dmp

Filesize
24KB

Download
memory/2980-0-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2980-11-0x00000000001B0000-0x00000000001C7000-memory.dmp

Filesize
92KB

Download
memory/2980-16-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/2980-34-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2980-35-0x00000000001B0000-0x00000000001C7000-memory.dmp

Filesize
92KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads