ac757b22a0124a10c73136bddcdac8d5c75e5bd6ad73ebe306b8b56a831b8bc9

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 12:56

Target

3d76f8896cfd92850d4c132361a96f34_JaffaCakes118.exe
Size

140KB
MD5

3d76f8896cfd92850d4c132361a96f34
SHA1

9b04f0cb5dd2c5d375f1e55c811414597f5e05f8
SHA256

ac757b22a0124a10c73136bddcdac8d5c75e5bd6ad73ebe306b8b56a831b8bc9
SHA512

2891ac96ff15e14bcfac12b19ecbb11d745ee50aa05c45926c746e3e2f1b086d34351a4c0b664ecdd18b5dd32d602f107053c31f2441bd5fe141334527817b53
SSDEEP

1536:HI1Cq1pHUw+qA32k614ToZkUQfLT2CFNjo3+JGfLVa4Em+kY3gtbBKmrKlp:AHz+/u2T2Q20zJG0xj3gOlp

Score

10^/10

evasion

Modifies firewall policy service 3 TTPs 3 IoCs

evasion

Modify Registry

Windows Service

Disable or Modify System Firewall

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplica	3d76f8896cfd92850d4c132361a96f34_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	3d76f8896cfd92850d4c132361a96f34_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Local\Temp\3d76f8896cfd92850d4c132361a96f34_JaffaCakes118.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3d76f8896cfd92850d4c132361a96f34_JaffaCakes118.exe:*:Enabled:DM"	3d76f8896cfd92850d4c132361a96f34_JaffaCakes118.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\DM_Install_Program.job	3d76f8896cfd92850d4c132361a96f34_JaffaCakes118.exe