16921926a6c6f21725c673fbc6b5afed28b1997f6c8c5d1229c694f4ace2967a

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15-07-2024 06:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Size

431KB
MD5

48ab6adcf7ca78672955368b578ee3ea
SHA1

942afea4018c5e95db23e21e677a7ce705d09c60
SHA256

16921926a6c6f21725c673fbc6b5afed28b1997f6c8c5d1229c694f4ace2967a
SHA512

6615b644859d92086cd29a73dcce408e453a33ebc07fea7ca0eca46319d982953f3d64e2ad3ab3af4951c597bbeb3e63ff36524c85445ed35fadc68200f2ede9
SSDEEP

6144:WUK9Ry2W6dZ4QF2idZecnl20lHRxp3gQdMIE8Cl+OGCiv5l4ynbbXUJFvHY:WU6r4gF3Z4mxxhMIE8ClBBW4xHY

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 51 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\■绝色高清电影网2.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\VANCL 凡客诚品在线销售男装女装童装鞋配饰家居2.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\卓越亚马逊网上购物图书，手机，数码，家电，化妆品，钟表，首饰等在线销售.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\卓越亚马逊网上购物图书，手机，数码，家电，化妆品，钟表，首饰等在线销售2.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\3037.tmp	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\当当网—网上购物中心：图书、母婴、美妆、家居、数码、家电、服装、鞋包等，正品低价，货到付款.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\淘宝商城-品牌正品商城保障.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\清纯诱惑美女图2.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\■35dh上网导航-最精彩神秘的网址大全！.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\8914.tmp	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\6729.tmp	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\■71755小游戏-最好玩的在线小游戏！2.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\麦考林网上购物，享受网购乐趣，尽在麦网购物商城! 时尚女装内衣配饰化妆品美容保健童装母婴家居用品男装等购物精品!.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File opened for modification	C:\Program Files\Internet Explorer\MUI\iexplore.exe	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\173.tmp	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\tmp227.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\VANCL 凡客诚品在线销售男装女装童装鞋配饰家居.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\京东商城-中国专业的电脑、手机、数码、家电、日用百货网上购物商城2.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\最新电视剧大全.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\WinRAR\ComDlls\8418	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\tmp983.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\tmp958.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\desktop.scf	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\tmp444.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\5071.tmp	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\淘宝网 - 淘！我喜欢2.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\清纯诱惑美女图.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\tmp122.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File opened for modification	C:\Program Files\Internet Explorer\MUI	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\■极光网络电视-极速高清网络电视在线观看2.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\MUI\iexplore.exe	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\最新电视剧大全2.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\淘宝网 - 淘！我喜欢.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\8840.tmp	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\tmp975.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\tmp750.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\麦考林网上购物，享受网购乐趣，尽在麦网购物商城! 时尚女装内衣配饰化妆品美容保健童装母婴家居用品男装等购物精品!2.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\京东商城-中国专业的电脑、手机、数码、家电、日用百货网上购物商城.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\242.tmp	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\中国福利彩票，时时彩、体育彩票投注中心！【彩票大赢家】2.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\■绝色高清电影网.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\■71755小游戏-最好玩的在线小游戏！.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\淘宝商城-品牌正品商城保障2.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\■35dh上网导航-最精彩神秘的网址大全！2.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\tmp405.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\1002.tmp	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\7246.tmp	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\中国福利彩票，时时彩、体育彩票投注中心！【彩票大赢家】.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\当当网—网上购物中心：图书、母婴、美妆、家居、数码、家电、服装、鞋包等，正品低价，货到付款2.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\■极光网络电视-极速高清网络电视在线观看.bak	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
File created	C:\Program Files (x86)\WinRAR\ComDlls\8418\temp2\3062.tmp	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.poy1a	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1afile\IsShortcut	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1afile\shell\open\command	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\6oi0file\DefaultIcon\ = "C:\\Program Files\\Mozilla Firefox\\firefox.exe,0"	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.poy1\ = "poy1file"	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1afile\shell\ = "open"	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1afile\shellex\ContextMenuHandlers	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1afile\shellex\ContextMenuHandlers\	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.6oi0	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\6oi0file\ = "????"	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\6oi0file\shell\open\command\ = "\"C:\\Program Files (x86)\\WinRAR\\ComDlls\\8418\\vnweaj.exe\" \"%1\""	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\n1bqfile\shellex\ContextMenuHandlers\	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1bfile	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1file\shell\open\command	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1afile	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1file\DefaultIcon\ = "C:\\Program Files\\Internet Explorer\\iexplore.exe,0"	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1file\shell\ = "open"	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.poy1b	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1bfile\ = "????"	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1afile\NeverShowExt	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1file\DefaultIcon	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1file\shell\open	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1bfile\NeverShowExt	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.6oi0\ = "6oi0file"	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1file\NeverShowExt	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\6oi0file\IsShortcut	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.poy1	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1bfile\shellex\ContextMenuHandlers	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1bfile\shellex\ContextMenuHandlers\	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.poy1a\ = "poy1afile"	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1afile\shellex	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\n1bqfile\ = "????"	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\n1bqfile\DefaultIcon\ = "C:\\Program Files\\Mozilla Firefox\\firefox.exe,0"	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\n1bqfile\shell	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1bfile\DefaultIcon	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\6oi0file\shellex\ContextMenuHandlers	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\6oi0file\DefaultIcon	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1afile\ = "????"	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1afile\DefaultIcon\ = "%SystemRoot%\\explorer.exe,0"	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\6oi0file\shell	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\n1bqfile\NeverShowExt	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\n1bqfile\shellex	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.poy1b\ = "poy1bfile"	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1bfile\shell\open	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\n1bqfile\IsShortcut	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1bfile\shell\open\command	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1afile\shell	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1afile\shell\open	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.n1bq\ = "n1bqfile"	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1bfile\shell	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1file\IsShortcut	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1file\shell	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1file\shellex\ContextMenuHandlers	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1file\shellex	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1bfile\shell\ = "open"	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\6oi0file\shellex	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\n1bqfile	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1file\ = "????"	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\n1bqfile\shell\open\command	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1bfile\shell\open\command\ = "\"C:\\Program Files (x86)\\WinRAR\\ComDlls\\8418\\vnweaj.exe\" \"%1\""	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\n1bqfile\DefaultIcon	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\n1bqfile\shell\ = "open"	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\n1bqfile\shell\open	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\poy1file\shell\open\command\ = "\"C:\\Program Files (x86)\\WinRAR\\ComDlls\\8418\\vnweaj.exe\" \"%1\""	48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\48ab6adcf7ca78672955368b578ee3ea_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Modifies registry class
PID:2948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2948-1-0x00000000002A0000-0x00000000002F4000-memory.dmp

Filesize
336KB

Download
memory/2948-0-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2948-3-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2948-2-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/2948-28-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2948-27-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2948-26-0x0000000001FC0000-0x0000000001FC1000-memory.dmp

Filesize
4KB

Download
memory/2948-25-0x0000000001FD0000-0x0000000001FD1000-memory.dmp

Filesize
4KB

Download
memory/2948-24-0x0000000001F60000-0x0000000001F61000-memory.dmp

Filesize
4KB

Download
memory/2948-23-0x0000000001F70000-0x0000000001F71000-memory.dmp

Filesize
4KB

Download
memory/2948-22-0x0000000001F90000-0x0000000001F91000-memory.dmp

Filesize
4KB

Download
memory/2948-21-0x0000000001FB0000-0x0000000001FB1000-memory.dmp

Filesize
4KB

Download
memory/2948-20-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/2948-19-0x0000000001F40000-0x0000000001F41000-memory.dmp

Filesize
4KB

Download
memory/2948-18-0x0000000001F10000-0x0000000001F11000-memory.dmp

Filesize
4KB

Download
memory/2948-17-0x0000000001F20000-0x0000000001F21000-memory.dmp

Filesize
4KB

Download
memory/2948-16-0x0000000001E70000-0x0000000001E71000-memory.dmp

Filesize
4KB

Download
memory/2948-15-0x0000000001E80000-0x0000000001E81000-memory.dmp

Filesize
4KB

Download
memory/2948-14-0x0000000001F30000-0x0000000001F31000-memory.dmp

Filesize
4KB

Download
memory/2948-13-0x0000000001EA0000-0x0000000001EA1000-memory.dmp

Filesize
4KB

Download
memory/2948-12-0x0000000001F00000-0x0000000001F01000-memory.dmp

Filesize
4KB

Download
memory/2948-11-0x00000000031A0000-0x00000000031A3000-memory.dmp

Filesize
12KB

Download
memory/2948-10-0x0000000001E50000-0x0000000001E51000-memory.dmp

Filesize
4KB

Download
memory/2948-9-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/2948-8-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/2948-7-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/2948-6-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2948-5-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/2948-4-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/2948-77-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2948-78-0x00000000002A0000-0x00000000002F4000-memory.dmp

Filesize
336KB

Download