1425dc4058f490785ca83db9a54cc1fc7a83cd806e9e29dec1e4ef3cfa9384d5

Analysis

max time kernel
95s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 08:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Size

792KB
MD5

33f98a048d1c9f6132525e4d1cb139a3
SHA1

2bb45da682c8589b11281d07becdaa6b7c521a75
SHA256

1425dc4058f490785ca83db9a54cc1fc7a83cd806e9e29dec1e4ef3cfa9384d5
SHA512

eda9b21d24ce5cca0d47eebc6ef194ad682260484a715ed0ca4cd3f0698eb55d76bc0b11902db39df9e429046480f29e1b0da5965e26f8537ae503fc6d4273c3
SSDEEP

1536:ZOm5PjdtGbgoPYcrLdcRzkazu4rQ3zDfpWxEUCGcOlG:ZFhIb6RHrIzDBW/CGNG

Score

1^/10

Malware Config

Signatures

Modifies registry class 44 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{90269309-6D43-440F-B59A-25866B00C6FD}	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{90269309-6D43-440F-B59A-25866B00C6FD}\1.0	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{90269309-6D43-440F-B59A-25866B00C6FD}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe"	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E4E7EF5-A64A-4023-A1E6-55868FEA6F76}	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E4E7EF5-A64A-4023-A1E6-55868FEA6F76}\ProgID	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PowerAccountBusinessOffice.Application	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PowerAccountBusinessOffice.Application\Clsid\ = "{1E4E7EF5-A64A-4023-A1E6-55868FEA6F76}"	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C8AC8807-79F5-40B9-85FE-AB3A8C233061}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E4E7EF5-A64A-4023-A1E6-55868FEA6F76}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C8AC8807-79F5-40B9-85FE-AB3A8C233061}\ProxyStubClsid32	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{90269309-6D43-440F-B59A-25866B00C6FD}\1.0\0\win32	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8AC8807-79F5-40B9-85FE-AB3A8C233061}\ProxyStubClsid32	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8AC8807-79F5-40B9-85FE-AB3A8C233061}\TypeLib	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PowerAccountBusinessOffice.Application\ = "PowerAccountBusinessOffice.Application"	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E4E7EF5-A64A-4023-A1E6-55868FEA6F76}\TypeLib	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E4E7EF5-A64A-4023-A1E6-55868FEA6F76}\VERSION\ = "1.0"	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{90269309-6D43-440F-B59A-25866B00C6FD}\1.0\FLAGS	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{90269309-6D43-440F-B59A-25866B00C6FD}\1.0\0	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{90269309-6D43-440F-B59A-25866B00C6FD}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C8AC8807-79F5-40B9-85FE-AB3A8C233061}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8AC8807-79F5-40B9-85FE-AB3A8C233061}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8AC8807-79F5-40B9-85FE-AB3A8C233061}\TypeLib\ = "{90269309-6D43-440F-B59A-25866B00C6FD}"	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E4E7EF5-A64A-4023-A1E6-55868FEA6F76}\VERSION	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PowerAccountBusinessOffice.Application\Clsid	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{90269309-6D43-440F-B59A-25866B00C6FD}\1.0\HELPDIR	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C8AC8807-79F5-40B9-85FE-AB3A8C233061}\ = "_Application"	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8AC8807-79F5-40B9-85FE-AB3A8C233061}	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8AC8807-79F5-40B9-85FE-AB3A8C233061}\ = "_Application"	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E4E7EF5-A64A-4023-A1E6-55868FEA6F76}\LocalServer32	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E4E7EF5-A64A-4023-A1E6-55868FEA6F76}\TypeLib\ = "{90269309-6D43-440F-B59A-25866B00C6FD}"	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C8AC8807-79F5-40B9-85FE-AB3A8C233061}\ = "Application"	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{90269309-6D43-440F-B59A-25866B00C6FD}\1.0\ = "PowerAccountBusinessOffice"	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C8AC8807-79F5-40B9-85FE-AB3A8C233061}\TypeLib	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C8AC8807-79F5-40B9-85FE-AB3A8C233061}\TypeLib\ = "{90269309-6D43-440F-B59A-25866B00C6FD}"	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E4E7EF5-A64A-4023-A1E6-55868FEA6F76}\ = "PowerAccountBusinessOffice.Application"	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E4E7EF5-A64A-4023-A1E6-55868FEA6F76}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe"	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E4E7EF5-A64A-4023-A1E6-55868FEA6F76}\Implemented Categories	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E4E7EF5-A64A-4023-A1E6-55868FEA6F76}\Programmable	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{90269309-6D43-440F-B59A-25866B00C6FD}\1.0\FLAGS\ = "0"	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C8AC8807-79F5-40B9-85FE-AB3A8C233061}	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C8AC8807-79F5-40B9-85FE-AB3A8C233061}\TypeLib\Version = "1.0"	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C8AC8807-79F5-40B9-85FE-AB3A8C233061}\TypeLib\Version = "1.0"	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E4E7EF5-A64A-4023-A1E6-55868FEA6F76}\ProgID\ = "PowerAccountBusinessOffice.Application"	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C8AC8807-79F5-40B9-85FE-AB3A8C233061}\ProxyStubClsid	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4656	33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\33f98a048d1c9f6132525e4d1cb139a3_JaffaCakes118.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4656

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads