43934d9fb46f482939e1da6cbfa30e3e0f15f43a2cb8de9e79dc46f68b46fbcd

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 03:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4c8dc903d226626e845a02e56f5517db_JaffaCakes118.exe
Size

260KB
MD5

4c8dc903d226626e845a02e56f5517db
SHA1

4a88344ad1d7d40474f072b4043dd1823d890e4d
SHA256

43934d9fb46f482939e1da6cbfa30e3e0f15f43a2cb8de9e79dc46f68b46fbcd
SHA512

fb7f4e42278b365aec5c8394cafecb57241060aacfb1ea2244dc3b728eb016e5d0d466153f86ed966f102168f86a5738a8932fc42a5d97ca0c7f99255f5e225c
SSDEEP

3072:DRvNaVxzTX46M57dbeZGB4BYK4P6Cg0G6vjNqsDiRqdJiNQyC+VHu+C7W4kA51:9Az0Hd8+P6nCM8yQyCGO+O4w

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fffdf6f1f0e7e2bcf7eaf7 = "C:\\Users\\Admin\\cbup.exe"	4c8dc903d226626e845a02e56f5517db_JaffaCakes118.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1044	4c8dc903d226626e845a02e56f5517db_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4c8dc903d226626e845a02e56f5517db_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4c8dc903d226626e845a02e56f5517db_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: RenamesItself
PID:1044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1044-0-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads