0eb585da230606c68053ed5b8cde4548233589e58c1dead80e6c24aa27119b6d

Analysis

max time kernel
13s
max time network
150s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5cb70d9f9f95a6c32a8a9b0bb3ebdee9_JaffaCakes118.exe
Size

176KB
MD5

5cb70d9f9f95a6c32a8a9b0bb3ebdee9
SHA1

c0b351b8b5cdafd2adc2401e2b3a6d6caee30568
SHA256

0eb585da230606c68053ed5b8cde4548233589e58c1dead80e6c24aa27119b6d
SHA512

44e638573cb1c48e752cd30436022e9eea1e3d050cad9e64fee28ecc2ebeefa26531025614206de1b6fe58a4af754093a0a415422711803a0ea4e06ea2fc4874
SSDEEP

3072:Dqs2yGK0A2uuAWClbKmTgLVLpV6AbQWk8kMQdK7HYkkJgogn4CXu:mLnKK+KsgMhMQd8UC

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NetCmdSys = "C:\\Windows\\NetCmdSys.exe"	5cb70d9f9f95a6c32a8a9b0bb3ebdee9_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
808	5cb70d9f9f95a6c32a8a9b0bb3ebdee9_JaffaCakes118.exe
808	5cb70d9f9f95a6c32a8a9b0bb3ebdee9_JaffaCakes118.exe
808	5cb70d9f9f95a6c32a8a9b0bb3ebdee9_JaffaCakes118.exe
808	5cb70d9f9f95a6c32a8a9b0bb3ebdee9_JaffaCakes118.exe
808	5cb70d9f9f95a6c32a8a9b0bb3ebdee9_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
808	5cb70d9f9f95a6c32a8a9b0bb3ebdee9_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
808	5cb70d9f9f95a6c32a8a9b0bb3ebdee9_JaffaCakes118.exe
808	5cb70d9f9f95a6c32a8a9b0bb3ebdee9_JaffaCakes118.exe
808	5cb70d9f9f95a6c32a8a9b0bb3ebdee9_JaffaCakes118.exe
808	5cb70d9f9f95a6c32a8a9b0bb3ebdee9_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5cb70d9f9f95a6c32a8a9b0bb3ebdee9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5cb70d9f9f95a6c32a8a9b0bb3ebdee9_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads