421fbabe9806d63c6976166685a3b2c370aed1ff1c228b40f8a6b8a33e3a39e5

Analysis

max time kernel
94s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 18:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

35f4505dca17bc0dd5b20d8091bdd1bf_JaffaCakes118.exe
Size

119KB
MD5

35f4505dca17bc0dd5b20d8091bdd1bf
SHA1

72c32a5778c2d07449013427470871f0c144b323
SHA256

421fbabe9806d63c6976166685a3b2c370aed1ff1c228b40f8a6b8a33e3a39e5
SHA512

0b6642f86beb8186bc0218f11705dc1ad6a0d90386cd85b399daa54790c096747a2c2f1d8d7a7d26dee96e3c568a1bb82e9858dea8da19c2a09233a88f3c13a6
SSDEEP

1536:BIpahRtwfbygndrhrtk0pu1KvqnMih7LWUFaH9LO5on:2sS/jLQHWUFadLO5o

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e9ebe0f4f1eaf1aae1fce1 = "C:\\Users\\Admin\\punu.exe"	35f4505dca17bc0dd5b20d8091bdd1bf_JaffaCakes118.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3028	35f4505dca17bc0dd5b20d8091bdd1bf_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\35f4505dca17bc0dd5b20d8091bdd1bf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\35f4505dca17bc0dd5b20d8091bdd1bf_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: RenamesItself
PID:3028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3028-0-0x0000000000120000-0x0000000000144000-memory.dmp

Filesize
144KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads