2ee8b44a54b122c8f221beca15863d6aadd79e8c27237d6e1820e43e0ad4a066

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25-06-2024 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0fb647ee8117674e1757d6b7e0a15b01_JaffaCakes118.exe
Size

269KB
MD5

0fb647ee8117674e1757d6b7e0a15b01
SHA1

81bcca2dd33f7dbf6f37f2d1153b5be0da875a06
SHA256

2ee8b44a54b122c8f221beca15863d6aadd79e8c27237d6e1820e43e0ad4a066
SHA512

6986b26ffdcb453382342100391a7755a1611d3b19c6e9a822bfb451d6e463f5e4b4394a602146e31288cfd2326a998b1b358d358089bebdb2d0f56b3859296c
SSDEEP

3072:ZbXiwzKuYtMeMQK1ufgEyXFJieLjU0jC14B7mEZcAPhIX5:xTm2eMQ6SgFXbt7lZ5JI

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\3e3c373b3d31297d362b36 = "C:\\Users\\Admin\\hnbz.exe"	0fb647ee8117674e1757d6b7e0a15b01_JaffaCakes118.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
836	0fb647ee8117674e1757d6b7e0a15b01_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0fb647ee8117674e1757d6b7e0a15b01_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0fb647ee8117674e1757d6b7e0a15b01_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: RenamesItself
PID:836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/836-0-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads