f685008eddd19df4781f5cd30ea72e51794a08e74295e811d89fcf7f097fec1a

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 14:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Size

76KB
MD5

351ec8470cf06a248175699d638cb817
SHA1

f9852eb63dd3de06a22f1de7c35bd6836272db39
SHA256

f685008eddd19df4781f5cd30ea72e51794a08e74295e811d89fcf7f097fec1a
SHA512

3375eaa65ac18cf1d6281fa498cb27b0438f44750c98f4c7b8cb391b699d5d21385d2045874beb633f0accf3ded2025c15c2189c88d4ee4ad0a3e766a0491f60
SSDEEP

1536:r0GTHmnET2qhy0sA+bojVI+WhRHXfIJpjVrs2ryrd1vUQuq6:g/ghybbMIDXfaHs2qo

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 22 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\hcjzqenb.exe	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\index.html	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\revhnlhn.exe	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\chllsvtv.exe	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\tsbknceh.exe	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\README.HTM	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\Welcome.html	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\Welcome.html	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\README.html	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\OSPP.HTM	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\rvhrjtnt.exe	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe

Modifies registry class 24 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\ = "ebssehbtzkknvtnv"	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BCAC026C-ED93-9E96-5016-E9CE78157854}\ = "rblnwzhcqbzvbehj"	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}\LocalServer32	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}\ = "rhkzjtbtwxvblvbx"	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}\LocalServer32\ = "C:\\Program Files\\Java\\jre-1.8\\hcjzqenb.exe"	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}\ = "vhlksrzqzvshekkh"	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}\LocalServer32\ = "C:\\Program Files\\Java\\jdk-1.8\\jre\\revhnlhn.exe"	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\root\\Office16\\PersonaSpy\\tsbknceh.exe"	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\LocalServer32	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BCAC026C-ED93-9E96-5016-E9CE78157854}	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}\LocalServer32	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\LocalServer32	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\ = "nrsjhbckczkkehrx"	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BCAC026C-ED93-9E96-5016-E9CE78157854}\LocalServer32	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BCAC026C-ED93-9E96-5016-E9CE78157854}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\351ec8470cf06a248175699d638cb817_JaffaCakes118.exe"	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}\LocalServer32	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}\ = "ecxejrkhcrlqzllt"	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}\LocalServer32\ = "C:\\Program Files\\Java\\jdk-1.8\\chllsvtv.exe"	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\root\\vfs\\ProgramFilesCommonX64\\Microsoft Shared\\Smart Tag\\1033\\rvhrjtnt.exe"	351ec8470cf06a248175699d638cb817_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\351ec8470cf06a248175699d638cb817_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\351ec8470cf06a248175699d638cb817_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Modifies registry class
PID:1564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1564-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1564-1-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-2-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-6-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-7-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-8-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-9-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-10-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-11-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-12-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-13-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-14-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-15-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-16-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-17-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-18-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-19-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-20-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-21-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-22-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-23-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-24-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-25-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-26-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-27-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-28-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-29-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-30-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-31-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-32-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-33-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-34-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-35-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-36-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-37-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-38-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-39-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-40-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-41-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-42-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-43-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-44-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-45-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-46-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-47-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-48-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-49-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-50-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-51-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-52-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-53-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-54-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-55-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-56-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-57-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-58-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-59-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-60-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-61-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-62-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-63-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-64-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-65-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-430-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1564-1442-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1564-1443-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads