0ab3e5ffe724649ce38732d791884640549e31b0e12edb4b5dd9d7a3132c11aa

Analysis

max time kernel
53s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 09:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Size

80KB
MD5

280874369f9ffbe46e9a98b9cea2c8c6
SHA1

dbcb1e6e67f02144034633f08eb288879b2fd239
SHA256

0ab3e5ffe724649ce38732d791884640549e31b0e12edb4b5dd9d7a3132c11aa
SHA512

ba022043d8fe15c9a959bf9ae02780bff8006b5fdf80c6a7034279db14b60294fac98f1fc67827b58c99bc34924fc7687f6f9102a23ac8b5f52f196b5adf543e
SSDEEP

768:mHE3wAr9HXH4ebaIFXoWFWJB4VB+yvIFetQb5GyGGARx9HXH4ebaIFXoWFWJBWZ:mHKR34ebaINbWI+dnGXR34ebaINbWoZ

Score

1^/10

Malware Config

Signatures

Modifies registry class 44 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2000C0D-D7A0-4851-A20C-655C9D94454C}\TypeLib\ = "{0CA5189C-0C96-4276-9E4E-FC544F99943C}"	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{504D4264-2183-4806-B3BD-9A33012CE8F9}\VERSION\ = "3.0"	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ProFitCaptionMaker.Application	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C2000C0D-D7A0-4851-A20C-655C9D94454C}\ProxyStubClsid	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C2000C0D-D7A0-4851-A20C-655C9D94454C}\ = "_Application"	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C2000C0D-D7A0-4851-A20C-655C9D94454C}\ProxyStubClsid32	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2000C0D-D7A0-4851-A20C-655C9D94454C}	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{504D4264-2183-4806-B3BD-9A33012CE8F9}\TypeLib	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0CA5189C-0C96-4276-9E4E-FC544F99943C}\3.0\FLAGS\ = "0"	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0CA5189C-0C96-4276-9E4E-FC544F99943C}\3.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe"	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0CA5189C-0C96-4276-9E4E-FC544F99943C}\3.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C2000C0D-D7A0-4851-A20C-655C9D94454C}	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C2000C0D-D7A0-4851-A20C-655C9D94454C}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0CA5189C-0C96-4276-9E4E-FC544F99943C}\3.0	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{504D4264-2183-4806-B3BD-9A33012CE8F9}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe"	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{504D4264-2183-4806-B3BD-9A33012CE8F9}\VERSION	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{504D4264-2183-4806-B3BD-9A33012CE8F9}\Programmable	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2000C0D-D7A0-4851-A20C-655C9D94454C}\ = "_Application"	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{504D4264-2183-4806-B3BD-9A33012CE8F9}	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{504D4264-2183-4806-B3BD-9A33012CE8F9}\ = "ProFitCaptionMaker.Application"	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{504D4264-2183-4806-B3BD-9A33012CE8F9}\ProgID\ = "ProFitCaptionMaker.Application"	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2000C0D-D7A0-4851-A20C-655C9D94454C}\TypeLib\Version = "3.0"	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ProFitCaptionMaker.Application\Clsid	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{504D4264-2183-4806-B3BD-9A33012CE8F9}\Implemented Categories	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0CA5189C-0C96-4276-9E4E-FC544F99943C}	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0CA5189C-0C96-4276-9E4E-FC544F99943C}\3.0\FLAGS	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C2000C0D-D7A0-4851-A20C-655C9D94454C}\TypeLib	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C2000C0D-D7A0-4851-A20C-655C9D94454C}\TypeLib\Version = "3.0"	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C2000C0D-D7A0-4851-A20C-655C9D94454C}\ = "Application"	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{504D4264-2183-4806-B3BD-9A33012CE8F9}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0CA5189C-0C96-4276-9E4E-FC544F99943C}\3.0\0	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0CA5189C-0C96-4276-9E4E-FC544F99943C}\3.0\HELPDIR	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{504D4264-2183-4806-B3BD-9A33012CE8F9}\ProgID	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{504D4264-2183-4806-B3BD-9A33012CE8F9}\LocalServer32	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ProFitCaptionMaker.Application\ = "ProFitCaptionMaker.Application"	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C2000C0D-D7A0-4851-A20C-655C9D94454C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C2000C0D-D7A0-4851-A20C-655C9D94454C}\TypeLib\ = "{0CA5189C-0C96-4276-9E4E-FC544F99943C}"	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2000C0D-D7A0-4851-A20C-655C9D94454C}\TypeLib	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{504D4264-2183-4806-B3BD-9A33012CE8F9}\TypeLib\ = "{0CA5189C-0C96-4276-9E4E-FC544F99943C}"	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ProFitCaptionMaker.Application\Clsid\ = "{504D4264-2183-4806-B3BD-9A33012CE8F9}"	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0CA5189C-0C96-4276-9E4E-FC544F99943C}\3.0\ = "ProFitCaptionMaker"	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0CA5189C-0C96-4276-9E4E-FC544F99943C}\3.0\0\win32	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2000C0D-D7A0-4851-A20C-655C9D94454C}\ProxyStubClsid32	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2000C0D-D7A0-4851-A20C-655C9D94454C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
624	280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\280874369f9ffbe46e9a98b9cea2c8c6_JaffaCakes118.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:624

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads