7bd7912ba96d4006ea2c25c5c9d66e5be12e30ea9fe8ecc8a64df82e27e5a781

Analysis

max time kernel
129s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 14:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

286aa64601345df5b9de42074485e51b_JaffaCakes118.exe
Size

20KB
MD5

286aa64601345df5b9de42074485e51b
SHA1

1a4820fb3f3c7cd6b153810816d4f12630ce3644
SHA256

7bd7912ba96d4006ea2c25c5c9d66e5be12e30ea9fe8ecc8a64df82e27e5a781
SHA512

e2ad9fae2fb20d9b5ac2a9c2230cdc069ff92fee3f3079fa6990cf8da71a1d4e72ad9ac40e12dcc639a5e3efb7888c93089b42a768cac58d71473d23ecf78c58
SSDEEP

384:aXrVROfRt20mt4uc/F9d0sLzKBdF+i0gibZxTt2/CD8MZBOddxaLXhXMOlgjGnhY:arVROfNm+ugF9C2iQvcXMZBexLO6WhY

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 7 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Iactdlrd-124-6-6 = "1"	286aa64601345df5b9de42074485e51b_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Iactdlsd-124-6-6 = "1"	286aa64601345df5b9de42074485e51b_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Iactdlfm-124-6 = "1"	286aa64601345df5b9de42074485e51b_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Iactdlfd-124-6-6 = "1"	286aa64601345df5b9de42074485e51b_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Iactdlsm-124-6 = "1"	286aa64601345df5b9de42074485e51b_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Iactdlmm-124-6 = "1"	286aa64601345df5b9de42074485e51b_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Iactdlrm-124-6 = "1"	286aa64601345df5b9de42074485e51b_JaffaCakes118.exe

Suspicious behavior: LoadsDriver 38 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
668	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4992	286aa64601345df5b9de42074485e51b_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\286aa64601345df5b9de42074485e51b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\286aa64601345df5b9de42074485e51b_JaffaCakes118.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
PID:4992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads