c9fad75d64365c108b7be0a9cf44ef500db8dd2bfb7735fb6610e355620ff47b

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 10:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

457f7ae9a5c5ea3b92302ad704cf9334_JaffaCakes118.exe
Size

29KB
MD5

457f7ae9a5c5ea3b92302ad704cf9334
SHA1

b2a6e37ee3ae1a2b9d6cba55429450b16b79254d
SHA256

c9fad75d64365c108b7be0a9cf44ef500db8dd2bfb7735fb6610e355620ff47b
SHA512

a1fae7cf0787ff7bd2d0eadeeddd5c877d51b3273f6565bcf5355a7518221c09e190abb909a74dfeda15a68f47faeed626e14a29ccc42f1ffb0c5bfdc1cdb86c
SSDEEP

384:21AwaNBftLAZoUiRpYFUyO1MCsKmmfsI8YETlEDfOM1I:UAvLZ+jbssI8pT0fOM1I

Score

10^/10

evasion persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "Explorer.exe \"C:\\ProgramData\\Microsoft\\svchost.exe\""	457f7ae9a5c5ea3b92302ad704cf9334_JaffaCakes118.exe

Modifies firewall policy service 3 TTPs 4 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\457f7ae9a5c5ea3b92302ad704cf9334_JaffaCakes118.exe:*:Enabled:KL"	457f7ae9a5c5ea3b92302ad704cf9334_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	457f7ae9a5c5ea3b92302ad704cf9334_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	457f7ae9a5c5ea3b92302ad704cf9334_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications	457f7ae9a5c5ea3b92302ad704cf9334_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3808	1400	WerFault.exe	83

C:\Users\Admin\AppData\Local\Temp\457f7ae9a5c5ea3b92302ad704cf9334_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\457f7ae9a5c5ea3b92302ad704cf9334_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Modifies firewall policy service
PID:1400
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 220
  2⤵
  - Program crash
  PID:3808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 1400 -ip 1400
1⤵
PID:4348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1400-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1400-1-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/1400-4-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/1400-3-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads