aea17fe91c0282671abc69c6260e04eab833948570d3cf869756151e473957c0

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 23:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

325db41b12d32ad50603385ca14472a7_JaffaCakes118.exe
Size

152KB
MD5

325db41b12d32ad50603385ca14472a7
SHA1

8dbb38ed9fdc48daf226c642744b3235695c8352
SHA256

aea17fe91c0282671abc69c6260e04eab833948570d3cf869756151e473957c0
SHA512

c4666471f16fc3e6202ca73157f7c85872429567fb4de6baf0b44c1f3476671746709bc739e4267556d2094075759c3a32efd13a351f30ac82876ed11fef0082
SSDEEP

3072:+3bJADd+outSPre9xJ00s6ehgZOHOrD1KA24t2Mt2TR:QJ5oSee3chgZzKsL4TR

Score

10^/10

evasion persistence

Malware Config

Signatures

Modifies firewall policy service 3 TTPs 6 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List	325db41b12d32ad50603385ca14472a7_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\1900:UDP = "1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"	325db41b12d32ad50603385ca14472a7_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\2869:TCP = "2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"	325db41b12d32ad50603385ca14472a7_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	325db41b12d32ad50603385ca14472a7_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Local\Temp\325db41b12d32ad50603385ca14472a7_JaffaCakes118.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\325db41b12d32ad50603385ca14472a7_JaffaCakes118.exe:*:Enabled:@xpsp2res.dll,-22005"	325db41b12d32ad50603385ca14472a7_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\12808:TCP = "12808:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"	325db41b12d32ad50603385ca14472a7_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NvGraphicsInterface = "C:\\Users\\Admin\\AppData\\Local\\Temp\\325db41b12d32ad50603385ca14472a7_JaffaCakes118.exe"	325db41b12d32ad50603385ca14472a7_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\325db41b12d32ad50603385ca14472a7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\325db41b12d32ad50603385ca14472a7_JaffaCakes118.exe"
1⤵
- Modifies firewall policy service
- Adds Run key to start application
PID:1824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1824-2-0x0000000000433000-0x0000000000453000-memory.dmp

Filesize
128KB

Download
memory/1824-0-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/1824-1-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/1824-3-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads