6512cfef377ff57793a4680b8feffbf2628a46ca08442a1918cb9368e1607366

Analysis

max time kernel
141s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 20:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

432f8b46342aca4ac77b3e9e442c0722_JaffaCakes118.exe
Size

688KB
MD5

432f8b46342aca4ac77b3e9e442c0722
SHA1

7698afc579f6da669cf462bb35124a0c00b8c533
SHA256

6512cfef377ff57793a4680b8feffbf2628a46ca08442a1918cb9368e1607366
SHA512

3f91e45e6a0c39ab9b915a261996b5ef10ad2a79a34ceaa1693729c45c43f926657430be28155822dc18cb2f07caee86f1845b1b1a422c399427824ea0a257ae
SSDEEP

12288:+7wp9w+wyQSxL9bV9YxdNATIZWmQzD28GpUnmq1ZanIO:DwaQWJbV9A6TIZWmQn2Unmq1ZaIO

Score

8^/10

persistence

Malware Config

Signatures

Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\JavaBrazilMms	432f8b46342aca4ac77b3e9e442c0722_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\JavaBrazilMms\StubPath = "C:\\Windows\\system32\\avgmsgr.exe"	432f8b46342aca4ac77b3e9e442c0722_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avgmsgr = "C:\\Windows\\avgmsgr.exe"	432f8b46342aca4ac77b3e9e442c0722_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\432f8b46342aca4ac77b3e9e442c0722_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\432f8b46342aca4ac77b3e9e442c0722_JaffaCakes118.exe"
1⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
PID:3976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3976-0-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/3976-1-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/3976-3-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads