036abc926bf5e57dc247f1e42179daef6a76a97ce7404ed32e53e221cac584a4

Analysis

max time kernel
94s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 11:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
Size

36KB
MD5

2c3fc2905c8761b05cf40c04d9b09ee7
SHA1

d6b953dc5007228b0a0d4607d61c56119b2695e4
SHA256

036abc926bf5e57dc247f1e42179daef6a76a97ce7404ed32e53e221cac584a4
SHA512

65582500d6329833d17913226a17ab7b1bb8c81ace17da15b486c282c43ac3b0db4cc38614d2267fbdfa593f7cd848cef7619942d5ff0ba3be456234259a0a64
SSDEEP

384:/1GCCdodRxsT8E06z0oBv4QdikJOHeqnO8GB05Mg:/AzCsAgnv4QdiPeqnU0ig

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\rsver.dll	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\svers.dll	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\dll\csrss.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\srsver.dll	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\drivers\services.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\data\csrss.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\MsDtc\services.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\spools\services.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\vzones\services.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\uninse.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\svers.dll	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\display\smss.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\rpool\smss.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\netcom.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\auto32.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\svchost.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\dllcache\smss.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\vzones\smss.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\spool\lsass.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\sm.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\outlook.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\dll\smss32.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\dll32.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\misi.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\debug64\services.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\msndebug\lsass.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\vdzones\lsass.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\csrss.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\Outlook.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\MsDtc\smss.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\ijl11.dll	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\zip\csrss.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\ShellExt\services.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\services.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\msimn.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\data\services.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\dhcp\services.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\winusers.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\makensis.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\ARTemp.dll	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\unir.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\msim32.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\ziplogs\services.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\spools\smss.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\isas\services.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\OSdebug\services.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\rpool\services.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\AR.dll	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\ex.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\rsver.dll	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\DCom.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\img32\services.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\dllcache\services.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\display\services.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\dll\services.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\DX.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\zip\services.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\msndebug\cmss.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\dll32\services.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\msapps\services.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\taskmgr.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\Outlook32.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\comm.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\winvid.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\ziplogs\csrss.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\msapps\csrss.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\msn32.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
File opened for modification	C:\Windows\winsyst.exe	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3760	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "0"	2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2c3fc2905c8761b05cf40c04d9b09ee7_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:3760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads