05b08e07c4aa83faca603cce805b1d9897247d7baea690ca510a4bbfe894a0cb

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 18:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Size

289KB
MD5

1c048997e617aa63ba18ee32e5d347e6
SHA1

5e984199725772e4364e5bc4ee309e4e1aa505e1
SHA256

05b08e07c4aa83faca603cce805b1d9897247d7baea690ca510a4bbfe894a0cb
SHA512

ef5eab7f7505bc291f4c15bbed64bb96bed815869e49d794a03736806c1c38d5367316b1062285de1a25e536810d63db67083fe138f7d4e5485ab7422b9810a1
SSDEEP

6144:yID8pwgmjbqxUqVo6Om8PC1IPSz2Rn+aCyIK3ccnMxjARJt:dIDmjbbqLyCcrW1K3DnscRn

Score

1^/10

Malware Config

Signatures

Modifies registry class 40 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B9BF83E0-81D6-11C6-AACE-A167FF91DCA0}\1.0\FLAGS	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36167E39-4490-4E32-89AD-6DC0CB48F307}\Implemented Categories\	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36167E39-4490-4E32-89AD-6DC0CB48F307}\Implemented Categories	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36167E39-4490-4E32-89AD-6DC0CB48F307}\ProgID\	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B9BF83E0-81D6-11C6-AACE-A167FF91DCA0}\1.0\0\	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B9BF83E0-81D6-11C6-AACE-A167FF91DCA0}\1.0\FLAGS\	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B9BF83E0-81D6-11C6-AACE-A167FF91DCA0}\1.0\FLAGS\ = "2"	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B9BF83E0-81D6-11C6-AACE-A167FF91DCA0}\1.0\HELPDIR\	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36167E39-4490-4E32-89AD-6DC0CB48F307}\VersionIndependentProgID\ = "Object.Microsoft.DXTFilter"	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36167E39-4490-4E32-89AD-6DC0CB48F307}	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B9BF83E0-81D6-11C6-AACE-A167FF91DCA0}\1.0\0\win32\ = "C:\\Windows\\SysWow64\\dmocx.dll"	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B9BF83E0-81D6-11C6-AACE-A167FF91DCA0}\	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B9BF83E0-81D6-11C6-AACE-A167FF91DCA0}\1.0\	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B9BF83E0-81D6-11C6-AACE-A167FF91DCA0}\1.0\HELPDIR\ = "C:\\Windows\\System32"	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36167E39-4490-4E32-89AD-6DC0CB48F307}\TypeLib	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36167E39-4490-4E32-89AD-6DC0CB48F307}\TypeLib\ = "{B9BF83E0-81D6-11C6-AACE-A167FF91DCA0}"	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36167E39-4490-4E32-89AD-6DC0CB48F307}\Version\ = "1.1"	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B9BF83E0-81D6-11C6-AACE-A167FF91DCA0}	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36167E39-4490-4E32-89AD-6DC0CB48F307}\Programmable	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B9BF83E0-81D6-11C6-AACE-A167FF91DCA0}\1.0	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36167E39-4490-4E32-89AD-6DC0CB48F307}\TypeLib\	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36167E39-4490-4E32-89AD-6DC0CB48F307}\VersionIndependentProgID\	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36167E39-4490-4E32-89AD-6DC0CB48F307}\ProgID	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36167E39-4490-4E32-89AD-6DC0CB48F307}\ProgID\ = "Object.Microsoft.DXTFilter.1"	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36167E39-4490-4E32-89AD-6DC0CB48F307}\Programmable\	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B9BF83E0-81D6-11C6-AACE-A167FF91DCA0}\1.0\0	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B9BF83E0-81D6-11C6-AACE-A167FF91DCA0}\1.0\HELPDIR	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36167E39-4490-4E32-89AD-6DC0CB48F307}\Version	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36167E39-4490-4E32-89AD-6DC0CB48F307}\VersionIndependentProgID	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36167E39-4490-4E32-89AD-6DC0CB48F307}\InprocServer32\	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B9BF83E0-81D6-11C6-AACE-A167FF91DCA0}\1.0\0\win32	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B9BF83E0-81D6-11C6-AACE-A167FF91DCA0}\1.0\0\win32\	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36167E39-4490-4E32-89AD-6DC0CB48F307}\Version\	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B9BF83E0-81D6-11C6-AACE-A167FF91DCA0}\1.0\ = "ctv OLE Control module"	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36167E39-4490-4E32-89AD-6DC0CB48F307}\InprocServer32	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36167E39-4490-4E32-89AD-6DC0CB48F307}\InprocServer32\ = "C:\\Windows\\SysWOW64\\Dxtrans.dll"	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{36167E39-4490-4E32-89AD-6DC0CB48F307}\ = "Wohiwjecta Kohalicsi Idazxiv Object"	1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1c048997e617aa63ba18ee32e5d347e6_JaffaCakes118.exe"
1⤵
- Modifies registry class
PID:5004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5004-1-0x0000000000A79000-0x0000000000A7A000-memory.dmp

Filesize
4KB

Download
memory/5004-0-0x0000000000400000-0x0000000000AD4000-memory.dmp

Filesize
6.8MB

Download
memory/5004-2-0x0000000000400000-0x0000000000AD4000-memory.dmp

Filesize
6.8MB

Download
memory/5004-3-0x0000000000400000-0x0000000000AD4000-memory.dmp

Filesize
6.8MB

Download
memory/5004-4-0x0000000000400000-0x0000000000AD4000-memory.dmp

Filesize
6.8MB

Download
memory/5004-5-0x0000000000400000-0x0000000000AD4000-memory.dmp

Filesize
6.8MB

Download
memory/5004-6-0x0000000000400000-0x0000000000AD4000-memory.dmp

Filesize
6.8MB

Download
memory/5004-7-0x0000000000400000-0x0000000000AD4000-memory.dmp

Filesize
6.8MB

Download
memory/5004-8-0x0000000000400000-0x0000000000AD4000-memory.dmp

Filesize
6.8MB

Download
memory/5004-9-0x0000000000400000-0x0000000000AD4000-memory.dmp

Filesize
6.8MB

Download
memory/5004-11-0x0000000000400000-0x0000000000AD4000-memory.dmp

Filesize
6.8MB

Download
memory/5004-12-0x0000000000400000-0x0000000000AD4000-memory.dmp

Filesize
6.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads