e37bda84d2233ec0752e855f7cb98cde22819608fc19764243330e9ac15f26fd

Analysis

max time kernel
149s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 19:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
Size

392KB
MD5

36195d91732cf5ecabfa5a248b9d6013
SHA1

bcf21c4972665a2ccc3ff8a26fa3d0b85d16dc40
SHA256

e37bda84d2233ec0752e855f7cb98cde22819608fc19764243330e9ac15f26fd
SHA512

b88a14702aa7f597211458fa03713e413e97a767f54bc70bd5e22a0610c697841ceaea9958935697d7ecf95dc628a37ceb49594f6ce6196e8cd09ee3a455216d
SSDEEP

12288:SOaiVsT8GzCSnT+P4cxaVyLmg/Ts974Lp:dJZ+CSn2aELTs98Lp

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firewals = "C:\\Users\\Admin\\AppData\\Local\\Temp\\36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe"	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
2824	36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\36195d91732cf5ecabfa5a248b9d6013_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2824-0-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2824-1-0x00000000006D0000-0x0000000000705000-memory.dmp

Filesize
212KB

Download
memory/2824-20-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-39-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-38-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/2824-22-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-37-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-36-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-35-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-34-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-33-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-32-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-31-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-30-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-29-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-28-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-27-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-26-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-25-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-24-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-23-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-21-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-19-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-18-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-17-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-16-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-15-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-14-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-13-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-12-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-10-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-9-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-8-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-7-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-6-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-4-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-3-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-2-0x0000000002450000-0x0000000002452000-memory.dmp

Filesize
8KB

Download
memory/2824-11-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-5-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-41-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/2824-48-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/2824-55-0x00000000027E0000-0x00000000027E1000-memory.dmp

Filesize
4KB

Download
memory/2824-54-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/2824-53-0x00000000027D0000-0x00000000027D1000-memory.dmp

Filesize
4KB

Download
memory/2824-52-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/2824-51-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/2824-50-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/2824-49-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/2824-47-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/2824-46-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/2824-45-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/2824-44-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/2824-43-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/2824-42-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/2824-40-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/2824-56-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2824-57-0x00000000006D0000-0x0000000000705000-memory.dmp

Filesize
212KB

Download
memory/2824-58-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2824-73-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/2824-72-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-71-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-70-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-69-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-68-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-67-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-66-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-65-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-64-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-63-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-62-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-61-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-60-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2824-59-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2824-74-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2824-75-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2824-76-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2824-77-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2824-78-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2824-79-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2824-80-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2824-81-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2824-82-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2824-83-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2824-84-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2824-85-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download