7a894ec2d8f91384d276d674db3496bdd0fdb1cc738e80d8af49a82f29104f41

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15-07-2024 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ae99a9a90e5f175aa8328eefc7c4707_JaffaCakes118.exe
Size

64KB
MD5

4ae99a9a90e5f175aa8328eefc7c4707
SHA1

f3a5d3f83897038e523c59c5d1ca7f28a4f4ead0
SHA256

7a894ec2d8f91384d276d674db3496bdd0fdb1cc738e80d8af49a82f29104f41
SHA512

b7bab3507864f348408b6edef50da1598783a8affc22ad931be56c31a7f0da6945da503eab0296d7989a2cbc474ef5b9ae1b8dd36704fdb44e7c8a06b03b66c0
SSDEEP

768:MTF1+bODJeYX6jX3M6LmqL/fa2QKxJFOc+j+G2SJs4vXLCN/krEEatNAG:MJ1+gJk7jL/i2QKxblJG9JtvXLjRatJ

Score

8^/10

persistence

Malware Config

Signatures

Adds policy Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	4ae99a9a90e5f175aa8328eefc7c4707_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mscore.exe"	4ae99a9a90e5f175aa8328eefc7c4707_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1888	4ae99a9a90e5f175aa8328eefc7c4707_JaffaCakes118.exe
1888	4ae99a9a90e5f175aa8328eefc7c4707_JaffaCakes118.exe
1888	4ae99a9a90e5f175aa8328eefc7c4707_JaffaCakes118.exe
1888	4ae99a9a90e5f175aa8328eefc7c4707_JaffaCakes118.exe
1888	4ae99a9a90e5f175aa8328eefc7c4707_JaffaCakes118.exe
1888	4ae99a9a90e5f175aa8328eefc7c4707_JaffaCakes118.exe
1888	4ae99a9a90e5f175aa8328eefc7c4707_JaffaCakes118.exe
1888	4ae99a9a90e5f175aa8328eefc7c4707_JaffaCakes118.exe
1888	4ae99a9a90e5f175aa8328eefc7c4707_JaffaCakes118.exe
1888	4ae99a9a90e5f175aa8328eefc7c4707_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1888	4ae99a9a90e5f175aa8328eefc7c4707_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1888	4ae99a9a90e5f175aa8328eefc7c4707_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1888	4ae99a9a90e5f175aa8328eefc7c4707_JaffaCakes118.exe
1888	4ae99a9a90e5f175aa8328eefc7c4707_JaffaCakes118.exe
1888	4ae99a9a90e5f175aa8328eefc7c4707_JaffaCakes118.exe
1888	4ae99a9a90e5f175aa8328eefc7c4707_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4ae99a9a90e5f175aa8328eefc7c4707_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4ae99a9a90e5f175aa8328eefc7c4707_JaffaCakes118.exe"
1⤵
- Adds policy Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads