00a290460af0c1b3050c96e3f52b0f7ed4fd8e515ac5255a66f415b58b455ddd

Analysis

max time kernel
91s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 14:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe
Size

298KB
MD5

2caa6c064b558c77571aaf44ebd90edf
SHA1

9f765d7359481b678eb7c588392c08786ec72558
SHA256

00a290460af0c1b3050c96e3f52b0f7ed4fd8e515ac5255a66f415b58b455ddd
SHA512

d6a31d6d6fd7ae004965d2aab68e772f81270721e64f7cdab883b88b5b437e866d16f48b5172aae29c6549d4a08fb5416e2eaa85a984b7b6fe3e84a1200ad906
SSDEEP

6144:TCFykMHajHCH3vvOQaBWjRS9nVW5GJZ2tNYLj8MfsZooE6q:TCFypHgHCXvvOfrVzYKj86s0L

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 4876 set thread context of 4176	4876	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe	84
PID 4876 set thread context of 0	4876	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe

Modifies registry class 3 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4176	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe
4176	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe
4176	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe
4176	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4876	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 4176	4876	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe	84
PID 4876 wrote to memory of 4176	4876	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe	84
PID 4876 wrote to memory of 4176	4876	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe	84
PID 4876 wrote to memory of 4176	4876	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe	84
PID 4876 wrote to memory of 4176	4876	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe	84
PID 4876 wrote to memory of 4176	4876	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe	84
PID 4876 wrote to memory of 4176	4876	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe	84
PID 4876 wrote to memory of 0	4876	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe
PID 4876 wrote to memory of 0	4876	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe
PID 4876 wrote to memory of 0	4876	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe
PID 4876 wrote to memory of 0	4876	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe
PID 4176 wrote to memory of 3432	4176	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe	56
PID 4176 wrote to memory of 3432	4176	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe	56
PID 4176 wrote to memory of 3432	4176	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe	56
PID 4176 wrote to memory of 3432	4176	2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3432
- C:\Users\Admin\AppData\Local\Temp\2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4876
- - C:\Users\Admin\AppData\Local\Temp\2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2caa6c064b558c77571aaf44ebd90edf_JaffaCakes118.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3432-83-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/4176-78-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4176-80-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4176-76-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4876-0-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/4876-1-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-2-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-73-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/4876-72-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-36-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-71-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/4876-70-0x00000000007A0000-0x00000000007A1000-memory.dmp

Filesize
4KB

Download
memory/4876-69-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-68-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-67-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-66-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-65-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-64-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-63-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-62-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-61-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-60-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-59-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-58-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-57-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-56-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-55-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-54-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-53-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-52-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4876-51-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4876-50-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4876-49-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4876-48-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4876-47-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4876-46-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4876-45-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4876-44-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4876-43-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4876-42-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4876-41-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4876-40-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-39-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-38-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-37-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-35-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-34-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-33-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-32-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-31-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-30-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-29-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-28-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-27-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-26-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-25-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-24-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-79-0x0000000000401000-0x0000000000438000-memory.dmp

Filesize
220KB

Download
memory/4876-82-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/4876-23-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-22-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-21-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-20-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-19-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-18-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-17-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-16-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-15-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-14-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-13-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-12-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-11-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-10-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-9-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-8-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-7-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-6-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-5-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-4-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/4876-3-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download