0161f8a051d21c2001ee380922cd97861b6bba4f54bb727d39bd80110a9ddcde

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 03:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
Size

12KB
MD5

3ff6053a7e10c33edf0573bd833d2320
SHA1

b9c5dc9796333e81521f80d7b1b822551a948c5b
SHA256

0161f8a051d21c2001ee380922cd97861b6bba4f54bb727d39bd80110a9ddcde
SHA512

f2034c4871ec4d5421788247b0041c556d4e4d20d9c5e5af9221e54b139a067f9c8b7fc5318b975ccca3b644592629009303778a225795dcd25adf98aab2f155
SSDEEP

192:xbZALjUg9bxkXynmQhho8D9zc3FBMCFDpIUgf+6ZueR3a2VhKfxH+GECk:x9k4k3hhzxzuFBM2DpIUgG6ZzDhK+2

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\reseurce = "C:\\Windows\\svchost.exe"	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\svchost.exe	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
File opened for modification	C:\Windows\svchost.exe	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2232	3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3ff6053a7e10c33edf0573bd833d2320_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads