bc4fda87b767b7e4e392f027d2ec233190d57dd50bf3a8c2ba1619f5914e47a6

Analysis

max time kernel
140s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 07:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
Size

532KB
MD5

0d48a4e44c9d73a994bb4b0601821c69
SHA1

2108ea6f78ea1918b8a7ed651eaf3d98ce93a818
SHA256

bc4fda87b767b7e4e392f027d2ec233190d57dd50bf3a8c2ba1619f5914e47a6
SHA512

93c4a5ffecd7ddfca815133b454a03090034b5b89cc05830a847d9f5bd5cf3cf5d0bc6984e6b9129e5cc2452da007fc9bb01f91a18131ed6cccf0617a2afc96f
SSDEEP

3072:7+ZvkWp8qX96QfCDpMqrT4GmdVM3bXKCKk3T1a/PTYhA7Jf22QA6Ivv1tH/nSrNV:aZmqt6Qyiy3b6CR10TY8JOArF9S9x

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SvcHosts32 = "C:\\Windows\\system32\\svchosts.exe"	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers32\Halo Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Adobe Acrobat 5.x Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\UT 2003 No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Warcraft III - The Frozen Throne No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\GetRight 6.x Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Madden NFL 2004 No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\Easy CD-DA Extractor 5.1 Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\Star Trek - Elite Force II Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\Nero Burning ROM 5.5.x Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Quake 3 No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\DAP Plus 5.3 Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Quake 4 Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\Lord of the Rings - War of the Ring No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\FIFA Soccer 2003 No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Counter-Strike - Condition Zero Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NHL 2003 Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Winamp 2.91 Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Midtown Madness III Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Winamp 3.x Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\SWiSH 2.0 Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\Lords of the Realm III No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Midtown Madness 2 No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\MechWarrior III Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\Half-Life 2 Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\FlashGet 1.x Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Praetorians No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\FlashFXP 1.4 Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\Rainbow Six 3 - Raven Shield No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Halo Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Adobe Photoshop 7.x Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\LingoWare 3.0 Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\Ulead GIF Animator 5.x Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\SnagIt 6.2.2 Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\Half-Life Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\Dark Age of Camelot - Trials of Atlantis Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\Quake IV No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\Hex Workshop Hex Editor 4.1 Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Medal of Honor - Allied Assault Breakthrough Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\EverQuest 2 No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\Lords of EverQuest Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\DAP Plus 5.3 Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Madden NFL 2003 No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\Tomb Raider - The Angel of Darkness No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\WinZip 8.1 Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Adobe Acrobat 5.x Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\Age of Mythology - The Titans No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\Hitman 3 No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\NBA Live 2003 No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Lords of EverQuest Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\Ad-aware 6.0 Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\Chrome No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Ulead GIF Animator 6.x Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Paint Shop Pro 9.x Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\PhotoShow 2.0 Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Star Trek - Elite Force II No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Metal Gear Solid III No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\MVP Baseball 2003 No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\DOOM 3 Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\Grand Theft Auto - Vice City No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\MechWarrior 4 Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\DOOM 3 No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers32\Shrek 2 Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\SimCity IV No-Cd Crack.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers32\WinZip 9.x Serial Generator.exe	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4188 wrote to memory of 5020	4188	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe	94
PID 4188 wrote to memory of 5020	4188	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe	94
PID 4188 wrote to memory of 5020	4188	0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe	94

C:\Users\Admin\AppData\Local\Temp\0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0d48a4e44c9d73a994bb4b0601821c69_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4188
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c c:\$$$$$.bat
  2⤵
  PID:5020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\drivers32\Tomb Raider - The Angel of Darkness No-Cd Crack.exe

Filesize
532KB

MD5
0d48a4e44c9d73a994bb4b0601821c69

SHA1
2108ea6f78ea1918b8a7ed651eaf3d98ce93a818

SHA256
bc4fda87b767b7e4e392f027d2ec233190d57dd50bf3a8c2ba1619f5914e47a6

SHA512
93c4a5ffecd7ddfca815133b454a03090034b5b89cc05830a847d9f5bd5cf3cf5d0bc6984e6b9129e5cc2452da007fc9bb01f91a18131ed6cccf0617a2afc96f

Download Submit
\??\c:\$$$$$.bat

Filesize
228B

MD5
719dd05daff131782637c921ffbda112

SHA1
f0c0ca3c75edade64891cd2ab6d3db26f1ef378a

SHA256
1f9b70d0d72f58a338deaa9e153fcc51aa90f2174e15d922f20712d7b295c221

SHA512
19449d9b339cd101ba420ae099a2851c3f01a6f4be091a5c8a05b05526a0ee4775540118b84959c466caa45442942ab4c7be9962243243c607d99f8490ea61b1

Download Submit
memory/4188-0-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/4188-704-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/4188-821-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads