9111b211e00cf26840a4e531b0b8e0fea38e03659265ed032b53d95f685f573a

Analysis

max time kernel
150s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 09:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
Size

72KB
MD5

2fe9285d80bcad0b996ec53183e14b12
SHA1

85256cb50c1cd619bc14bccd378ec534de68df79
SHA256

9111b211e00cf26840a4e531b0b8e0fea38e03659265ed032b53d95f685f573a
SHA512

acae700eaba12d093c02ef6a588823f46b273e375e460436f7ff20efbec59fa7a8bd00d67d13d555ded2ed52fd46b290f3e99f7c36cffee605dce58f1ae3e654
SSDEEP

1536:f3ApTory02+KW9z3+IQIjbsnkQQCj+nqbz:IK2JWB3+IQIjbsnkQQCx

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSOUC.EXE$	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\ja-JP\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\View3D.ResourceResolver.exe	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\System\fr-FR\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerElevatedAppServiceClient.exe	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSOUC.EXE	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\is-IS\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\lv-LV\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\WinMetadata\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe$	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\te\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\microsoft.system.package.metadata\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CLVIEW.EXE	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows NT\TableTextService\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\7z.exe	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\host\fxr\7.0.16\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe$	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe$	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office15\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\it\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\management\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE$	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe$	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\grv_icons.exe	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ms\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\jsaddins\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\en-GB\View3d\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\pt-BR\View3d\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\security\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\logger\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows Media Player\wmpconfig.exe	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sl-SI\View3d\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Integration\Integrator.exe	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SDXHelperBgt.exe	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Scripting.Dictionary	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\JSFile.HostEncode	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0CF774D0-F077-11D1-B1BC-00C04F86C324}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0CF774D1-F077-11D1-B1BC-00C04F86C324}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{85131631-480C-11D2-B1F9-00C04F86C324}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\ASPFILE\SCRIPTHOSTENCODE	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{420B2830-E718-11CF-893D-00A0C9054228}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{420B2830-E718-11CF-893D-00A0C9054228}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Scripting.FileSystemObject\ = "FileSystem Object"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ASP.HostEncode	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{85131630-480C-11D2-B1F9-00C04F86C324}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JSFile.HostEncode	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.js	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.vbs	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HTML.HostEncode\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{85131631-480C-11D2-B1F9-00C04F86C324}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile.HostEncode\CLSID	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2480455240-981575606-1030659066-1000_Classes\.html	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Scripting.Encoder	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE09B103-97E0-11CF-978F-00A02463E06F}\Version	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{32DA2B15-CFED-11D1-B747-00C04FC2B085}\Version	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\ScriptHostEncode	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.asp	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\aspfile\ScriptHostEncode	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Scripting.FileSystemObject	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\ASP.HostEncode	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Scripting.Encoder	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0CF774D1-F077-11D1-B1BC-00C04F86C324}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{85131631-480C-11D2-B1F9-00C04F86C324}\InprocServer32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\JSFILE\SCRIPTHOSTENCODE	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Scripting.Dictionary\ = "Scripting.Dictionary"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Scripting.FileSystemObject	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JSFile.HostEncode\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Scripting.Encoder\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\ScriptHostEncode	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{32DA2B15-CFED-11D1-B747-00C04FC2B085}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HTML.HostEncode	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\ScriptHostEncode\ = "{0CF774D0-F077-11D1-B1BC-00C04F86C324}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JSFile\ScriptHostEncode	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile.HostEncode	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE09B103-97E0-11CF-978F-00A02463E06F}\Implemented Categories	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{32DA2B15-CFED-11D1-B747-00C04FC2B085}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0CF774D0-F077-11D1-B1BC-00C04F86C324}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ASP.HostEncode\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\ScriptHostEncode\ = "{85131631-480C-11D2-B1F9-00C04F86C324}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE09B103-97E0-11CF-978F-00A02463E06F}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{32DA2B15-CFED-11D1-B747-00C04FC2B085}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{85131630-480C-11D2-B1F9-00C04F86C324}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\aspfile\ScriptHostEncode\ = "{0CF774D1-F077-11D1-B1BC-00C04F86C324}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\JSFile\ScriptHostEncode\ = "{85131630-480C-11D2-B1F9-00C04F86C324}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\HTML.HostEncode	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE09B103-97E0-11CF-978F-00A02463E06F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE09B103-97E0-11CF-978F-00A02463E06F}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EE09B103-97E0-11CF-978F-00A02463E06F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cdx	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{32DA2B15-CFED-11D1-B747-00C04FC2B085}\TypeLib	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\HTMLFILE\SCRIPTHOSTENCODE	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\aspfile	regsvr32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2768	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 1876	2768	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe	84
PID 2768 wrote to memory of 1876	2768	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe	84
PID 2768 wrote to memory of 1876	2768	2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32.exe /s scrrun.dll
  2⤵
  - Modifies registry class
  PID:1876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2fe9285d80bcad0b996ec53183e14b12_JaffaCakes118.Axv

Filesize
72KB

MD5
2fe9285d80bcad0b996ec53183e14b12

SHA1
85256cb50c1cd619bc14bccd378ec534de68df79

SHA256
9111b211e00cf26840a4e531b0b8e0fea38e03659265ed032b53d95f685f573a

SHA512
acae700eaba12d093c02ef6a588823f46b273e375e460436f7ff20efbec59fa7a8bd00d67d13d555ded2ed52fd46b290f3e99f7c36cffee605dce58f1ae3e654

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads