e18d12531e46e6061f61049ea30335571bf8201438aacf1e815f4771c9262fac

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Size

140KB
MD5

18349db9314e2b241d1da7295d370ab3
SHA1

4685a51e858e296ba23f99a1ddab0177558caf10
SHA256

e18d12531e46e6061f61049ea30335571bf8201438aacf1e815f4771c9262fac
SHA512

4758834bde8d98448a5bc3268dc376b21621347451245ac38e38f230a69f191c3b4344d9faf5e650d8371b197ad09a2c759ed63ce014669df6935e37285585ab
SSDEEP

1536:3uG26deOfccCm9gkm7UfanxJFaJgupDJfL8qaFpGLdEqIX0FbrD:eGTokXVZgURpD5AHpSdEqIkp

Score

1^/10

Malware Config

Signatures

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{952D7B83-6D88-4253-8A26-A1E0BBF86410}\ = "_CVSVirus"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{952D7B83-6D88-4253-8A26-A1E0BBF86410}\TypeLib\Version = "41.0"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{CC8FAA8A-E93A-49AD-A4A8-E1F5317D83C7}\41.0	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{CC8FAA8A-E93A-49AD-A4A8-E1F5317D83C7}\41.0\FLAGS\ = "0"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{247D0D8E-6629-47E2-B9F0-8F7D97B79245}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{CC8FAA8A-E93A-49AD-A4A8-E1F5317D83C7}\41.0\ = "hxadsec"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{247D0D8E-6629-47E2-B9F0-8F7D97B79245}\ProxyStubClsid32	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{728208CE-21C2-46D8-9608-4F51E5A9C57C}\ = "hxadsec.CHXSoft"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{728208CE-21C2-46D8-9608-4F51E5A9C57C}	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\hxadsec.CHXSoft\Clsid\ = "{728208CE-21C2-46D8-9608-4F51E5A9C57C}"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247D0D8E-6629-47E2-B9F0-8F7D97B79245}\TypeLib\ = "{CC8FAA8A-E93A-49AD-A4A8-E1F5317D83C7}"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC92031E-3FB7-4498-9349-723F7FD4F036}	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC92031E-3FB7-4498-9349-723F7FD4F036}\ProgID	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC92031E-3FB7-4498-9349-723F7FD4F036}\VERSION	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{952D7B83-6D88-4253-8A26-A1E0BBF86410}\ProxyStubClsid	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{728208CE-21C2-46D8-9608-4F51E5A9C57C}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hxadsec.CHXSoft	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{247D0D8E-6629-47E2-B9F0-8F7D97B79245}\ProxyStubClsid	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{728208CE-21C2-46D8-9608-4F51E5A9C57C}\Programmable	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{CC8FAA8A-E93A-49AD-A4A8-E1F5317D83C7}\41.0\0\win32	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{247D0D8E-6629-47E2-B9F0-8F7D97B79245}\ = "_CHXSoft"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hxadsec.CVSVirus\Clsid	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC92031E-3FB7-4498-9349-723F7FD4F036}\Implemented Categories	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{CC8FAA8A-E93A-49AD-A4A8-E1F5317D83C7}\41.0\HELPDIR	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247D0D8E-6629-47E2-B9F0-8F7D97B79245}\TypeLib\Version = "41.0"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC92031E-3FB7-4498-9349-723F7FD4F036}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{952D7B83-6D88-4253-8A26-A1E0BBF86410}\TypeLib\ = "{CC8FAA8A-E93A-49AD-A4A8-E1F5317D83C7}"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC92031E-3FB7-4498-9349-723F7FD4F036}\ProgID\ = "hxadsec.CVSVirus"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{728208CE-21C2-46D8-9608-4F51E5A9C57C}\ProgID\ = "hxadsec.CHXSoft"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{CC8FAA8A-E93A-49AD-A4A8-E1F5317D83C7}	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247D0D8E-6629-47E2-B9F0-8F7D97B79245}	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{952D7B83-6D88-4253-8A26-A1E0BBF86410}\TypeLib\Version = "41.0"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{247D0D8E-6629-47E2-B9F0-8F7D97B79245}\ = "CHXSoft"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{247D0D8E-6629-47E2-B9F0-8F7D97B79245}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{952D7B83-6D88-4253-8A26-A1E0BBF86410}\ProxyStubClsid32	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{952D7B83-6D88-4253-8A26-A1E0BBF86410}\TypeLib	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{728208CE-21C2-46D8-9608-4F51E5A9C57C}\VERSION	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC92031E-3FB7-4498-9349-723F7FD4F036}\TypeLib	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{728208CE-21C2-46D8-9608-4F51E5A9C57C}\ProgID	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{728208CE-21C2-46D8-9608-4F51E5A9C57C}\VERSION\ = "65.0"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{728208CE-21C2-46D8-9608-4F51E5A9C57C}\Implemented Categories	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{728208CE-21C2-46D8-9608-4F51E5A9C57C}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247D0D8E-6629-47E2-B9F0-8F7D97B79245}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{952D7B83-6D88-4253-8A26-A1E0BBF86410}\ = "_CVSVirus"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC92031E-3FB7-4498-9349-723F7FD4F036}\LocalServer32	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC92031E-3FB7-4498-9349-723F7FD4F036}\Programmable	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{728208CE-21C2-46D8-9608-4F51E5A9C57C}\TypeLib	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{728208CE-21C2-46D8-9608-4F51E5A9C57C}\TypeLib\ = "{CC8FAA8A-E93A-49AD-A4A8-E1F5317D83C7}"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\hxadsec.CHXSoft\Clsid	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247D0D8E-6629-47E2-B9F0-8F7D97B79245}\ProxyStubClsid32	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC92031E-3FB7-4498-9349-723F7FD4F036}\TypeLib\ = "{CC8FAA8A-E93A-49AD-A4A8-E1F5317D83C7}"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC92031E-3FB7-4498-9349-723F7FD4F036}\VERSION\ = "65.0"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{CC8FAA8A-E93A-49AD-A4A8-E1F5317D83C7}\41.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247D0D8E-6629-47E2-B9F0-8F7D97B79245}\TypeLib	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{728208CE-21C2-46D8-9608-4F51E5A9C57C}\LocalServer32	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{952D7B83-6D88-4253-8A26-A1E0BBF86410}\ = "CVSVirus"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{CC8FAA8A-E93A-49AD-A4A8-E1F5317D83C7}\41.0\FLAGS	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{952D7B83-6D88-4253-8A26-A1E0BBF86410}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\hxadsec.CVSVirus\Clsid\ = "{EC92031E-3FB7-4498-9349-723F7FD4F036}"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{952D7B83-6D88-4253-8A26-A1E0BBF86410}	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{952D7B83-6D88-4253-8A26-A1E0BBF86410}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{952D7B83-6D88-4253-8A26-A1E0BBF86410}\ProxyStubClsid32	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC92031E-3FB7-4498-9349-723F7FD4F036}\ = "hxadsec.CVSVirus"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{247D0D8E-6629-47E2-B9F0-8F7D97B79245}\TypeLib\ = "{CC8FAA8A-E93A-49AD-A4A8-E1F5317D83C7}"	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2836	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
2836	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
2836	18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\18349db9314e2b241d1da7295d370ab3_JaffaCakes118.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2836

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads