74864f790cff6b3c2338b929f76a321c415e7f026872a764df5790b721025dd1

Analysis

max time kernel
44s
max time network
46s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 13:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39377541679e8a4f296777751e7c3bf2_JaffaCakes118.exe
Size

25KB
MD5

39377541679e8a4f296777751e7c3bf2
SHA1

96106a1f5c21eb3e6bca8a909269a352709f2052
SHA256

74864f790cff6b3c2338b929f76a321c415e7f026872a764df5790b721025dd1
SHA512

9e10dd36d8f5f812b0963b4697552b8f0fbd6e75f9eee344c79b967b0dedc8b8ef89f4a4d7a80a2689301b0234ae116b03e49f9e86a0262302d2a25c8c0ace7f
SSDEEP

384:oI8Sgfn8SGrpHsPwjPW3UQqrr3yw/yz8Sjgm1GGd1R9lmhh4WWieZWN7H:eSgkSGFHsPwjPkDa3peZRfmhhdeG

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 2 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	39377541679e8a4f296777751e7c3bf2_JaffaCakes118.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	39377541679e8a4f296777751e7c3bf2_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1756	39377541679e8a4f296777751e7c3bf2_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1756	39377541679e8a4f296777751e7c3bf2_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\39377541679e8a4f296777751e7c3bf2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\39377541679e8a4f296777751e7c3bf2_JaffaCakes118.exe"
1⤵
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~!#3FEB.tmp

Filesize
9KB

MD5
f7b3ce7fc9d46135ce51464b6073e7f8

SHA1
19c1801898ca8662bc32020e3ae8d4a98acd04c1

SHA256
3bada61ecefd084db9933d560dd8446ecef93150181e7b9eabea366f52e31aaa

SHA512
81247e701b8292915575d568316d28081c80a85a89c957df42f7823de8d4071c177bd776f0be2ee045b5f251c230e49ab10de0881d5e63179726410ead2e5c2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#5588.tmp

Filesize
9KB

MD5
89bae1144a136947e4707b8ff1490b4d

SHA1
c8e438d2196f8f094d083d575f51bddb4dd96c3b

SHA256
12ffc4f6283ac6b4060af717da09c78e97a0379d7bfe5380207a9f82d973bce4

SHA512
511038e83637dc329f635fc404552c9cef6ab9ac576b07195a3f5060348061a523f02cf6b458d0bc6cae46f448fc11690b4761899c21309813d53a4acc5914c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#5D04.tmp

Filesize
7KB

MD5
265320c617281418ee5a0eeb0eedf9ad

SHA1
ec2722221f513f22a7e54269a671b2c091ea2212

SHA256
fd28fec5bdf88064569fb7173b924b35ed5741b7df4b203b4bef0ba4abade769

SHA512
c565e39d936cef6a5d49844d06792bbd68f3008d691684372df1c33d98e96146042dc77083ed227e33c5b6c435d26dab27a86807fde7b59cc0dd41513fdd55a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#61AE.tmp

Filesize
4KB

MD5
34392dab3badf1aa9d8e5c7a54ca7465

SHA1
4ff83fb0e1bc3804a3890a8ef07aa8fec8597a4c

SHA256
096b24f6600695536ad002b3b4484ef64eb37632325fb657dad48dd79dce57d8

SHA512
63b3fb49a719933097c9d8420f12ddec5c07a3636a262c6ba7b787bf54933557d0091617d3bf561ddd7b23dfc21efe77351b728993c20278c77d338f055db94c

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#6A67.tmp

Filesize
6KB

MD5
74109e627deeecefdfaab8e995e10ee6

SHA1
d00a7c2f3aa99f5ae7f25d4463b20cf2ce1ddc9e

SHA256
5c729d5b538a494a7b4aca66b08deade939137517aa9accdc54e0800cddc83ee

SHA512
ab9e62ba4376321196e520734e5a05417bbf9dff9bc7bf23b3f641a0828105e43177f119596443daa32c0fda902b8ee3cb60b4d8f149e510d49790da429f0779

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#6B62.tmp

Filesize
12KB

MD5
3a953fc576a9c9ef7a891d31a5e7452a

SHA1
6ae2ab43b28612c2712be7a4ba50074efd358c60

SHA256
489be193ffc84903d3727e964d88aaf07af6b1255920bcb829f09fec62a1403b

SHA512
2dcaec93f1a9a49b60047c36595e69d4346955ef1e79d74806fa0bcc36cf975f823c9371f7aa6691091d52c47f92726af3f6f0bf9be041a76c5f023e1c7fb307

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#6C6D.tmp

Filesize
4KB

MD5
80fcd8324e7049e4d73d4487479cd465

SHA1
5116047a0d768fa33df08f694c81a628c25ffdf5

SHA256
fb0ac747828f3b53ada36da693b1d51ba2340dc1b57f819f9d7c62a5a0bc00f5

SHA512
fd542af584e4b7f6bafc2176198d40fda87b107b1bcfe215a9762198c69563606ca9a3193ff4a2e94a99835f56c7c3f75b69f47782b54346c2180028e3aa157f

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#74A8.tmp

Filesize
9KB

MD5
4da64a276b11b81fd1d7c362ef3b6ca3

SHA1
4344442360dac845a8eb36f234fe1a4a6593a278

SHA256
20d02dc0efcece138b7ddcd4f3f01923ca108fde4519c0eb5bc9a19ec11aff44

SHA512
04d6c180b73862cca735931354b250ad5edf1fca36e1cb71a915dcfd77ae27151c098b3b5890e1391dde573c680639217c8d906aee1a71e69b64e2f7c404f4c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#7535.tmp

Filesize
5KB

MD5
9d16d3e1d3d88127c5a08967d2de7b6b

SHA1
572d7cc5e4838e5a2c6bb7fe41b7c1780cdd05c8

SHA256
cadde548fe1f4481ac8fc699bcc62e7afbd72555e69c9a4460f620dc09de03a5

SHA512
fd61979f2267a2ec0ef76d764438336b93121749b188ff227ac6f6f43dcc8f2799071683df10f993e805d66893527dbc7d753dc5306cdc7efc78f45fe1b7ecf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#7631.tmp

Filesize
4KB

MD5
907721879c907337535693931f3b8b0b

SHA1
f6845d9b99fc72e51e399cd48e2f9dee04a36934

SHA256
37de78cdb2569289fa766f2cb0d4daf5b8b56eff765310d0b91eda4d515d003f

SHA512
51eab867735ee9996222a93f42b49d27e3556e17990a7f5a1cf01249f759aa63c1252fae45198ac7e20ab02a0f746303494faa27fc0c59e0bc8dde0421330056

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#7E7B.tmp

Filesize
13KB

MD5
9327eed19825c225915a5b4f5a8cc3dc

SHA1
326437d7c4f8af88781b1567f1887b283e497e39

SHA256
bb9da07af7fb562be9fb85b0052b0dc37f9bd431c7fd6e643d937221dd4822c3

SHA512
98fba3992c12599a591f0f26830b46e5a8b90cae1430cf6bea23ce560c053789edb99b85b57e3bcabec9c980e01af3cce87b9f5f1c9c8f752b1a097874081251

Download Submit
C:\Users\Admin\AppData\Local\Temp\~!#8949.tmp

Filesize
29KB

MD5
d36f45bff05a44213e18434580ca01cb

SHA1
a0bc828cd1f4006f320e13b09a1fdd7892ad671e

SHA256
9c0ac03723686c4ca9b5a26fcc26419d5cd6bc2507fdedee26fb54f47650c6bc

SHA512
ea46dd4a8c68066a2d2dffcc6c0ca2efe96e6cb3adf434f14d835bf1f0b7ec893b92b568c0689ad2a2b20c2f3de69dbe3d79e150b28fa8c4570df9f835b04098

Download Submit
memory/1756-157-0x0000000000230000-0x0000000000232000-memory.dmp

Filesize
8KB

Download
memory/1756-0-0x0000000000230000-0x0000000000232000-memory.dmp

Filesize
8KB

Download