1f938a8b2a8819623fb780045219697cac03c5a3c3748bca81cac10743042466

Analysis

max time kernel
149s
max time network
152s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 16:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe
Size

104KB
MD5

2d0fb2ee266e068b8315d3836570063e
SHA1

c5fa01d9e69cb37728e23ce6ac2a4c8d69236e0c
SHA256

1f938a8b2a8819623fb780045219697cac03c5a3c3748bca81cac10743042466
SHA512

17eb421abe6b64f4d1f31225a0caebfa363646feec92a63f26f0e1d426408c57e688b0c6794049982c1096cd33a876a2c6026ee75125c40f12e5cf8707f4a785
SSDEEP

1536:g94nDhOnpgkiuIu9YS6x9uGB+2LGUh5crgqIbflrUHXzIgp2zy9JhTHFNIjnZxS:1wwuOvOqIUrMzIgp2mJNFCnzS

Score

10^/10

evasion persistence

Malware Config

Signatures

Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	dogup.exe

Executes dropped EXE 1 IoCs

pid	Process
2708	dogup.exe

Loads dropped DLL 2 IoCs

pid	Process
2732	2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe
2732	2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 52 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /T"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /p"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /n"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /C"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /s"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /m"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /y"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /S"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /H"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /L"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /I"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /Z"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /W"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /r"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /j"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /h"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /l"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /O"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /R"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /A"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /F"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /f"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /J"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /M"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /V"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /c"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /z"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /d"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /k"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /d"	2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /G"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /X"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /U"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /K"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /x"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /Y"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /E"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /b"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /i"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /D"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /o"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /P"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /g"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /q"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /N"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /w"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /u"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /v"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /t"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /e"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /B"	dogup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\dogup = "C:\\Users\\Admin\\dogup.exe /Q"	dogup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2732	2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe
2708	dogup.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2732	2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe
2708	dogup.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2708	2732	2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe	30
PID 2732 wrote to memory of 2708	2732	2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe	30
PID 2732 wrote to memory of 2708	2732	2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe	30
PID 2732 wrote to memory of 2708	2732	2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2d0fb2ee266e068b8315d3836570063e_JaffaCakes118.exe"
1⤵
- Modifies visiblity of hidden/system files in Explorer
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Users\Admin\dogup.exe
  "C:\Users\Admin\dogup.exe"
  2⤵
  - Modifies visiblity of hidden/system files in Explorer
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\dogup.exe

Filesize
104KB

MD5
318159447a2a97bc983351bca37aa80f

SHA1
d25f0af4f34bf2d420fc3666d73dd2dd1dd3f1a5

SHA256
652ef7e4ac5f6f7fe224e7482c9e20270c0fb2937c3aca915a94a535e08c68e7

SHA512
a1ee7c8d1712f7fbe881af4e282d10f79d88b7267eb20387f36904b40b5d6c01cbac587c8b84feac4574e0594a891720f683f9d411c3040be2b0d3ba9c6a054f

Download Submit