9fbd41248dd7319b3f1a1631a2186c73f49641b13b3773c5f399d085793c4ca5

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 20:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Size

641KB
MD5

5d88b6820a2c0cefde6acb2a23e8fc21
SHA1

61e53c1ec5ed9a09ebb3840ab8c13d4b40d454f2
SHA256

9fbd41248dd7319b3f1a1631a2186c73f49641b13b3773c5f399d085793c4ca5
SHA512

83753d8c11b6af04196f225674b8f451823ae95561bdd63458fdd23faa06ca630d3d5040924c1b6ddf94ac74ebc670abe8f6cb610980e682ebd1054a0b62fbc5
SSDEEP

12288:y38U/9L9e7+nZM564Fbo7ClXtx/zwWDEE2Ppy1FeDlq:4jA5doCptXDE5uFYQ

Score

1^/10

Malware Config

Signatures

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8C6A06C-8000-4151-2087-5C1CFECFF48A}\MiscStatus	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8C6A06C-8000-4151-2087-5C1CFECFF48A}\Programmable	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\iclFile_Aha\shell\Open\Command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe \"%1\""	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\nilFile_Aha\shell	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\nilFile_Aha	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8C6A06C-8000-4151-2087-5C1CFECFF48A}\TypeLib	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\iclFile_Aha	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.il	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ilFile_Aha\shell	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\nilFile_Aha\DefaultIcon	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\icofile_Aha\shell\ = "Open"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8C6A06C-8000-4151-2087-5C1CFECFF48A}\ProgID\	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8C6A06C-8000-4151-2087-5C1CFECFF48A}\ToolboxBitmap32	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8C6A06C-8000-4151-2087-5C1CFECFF48A}\Version	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.icl\ = "iclFile_Aha"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ilFile_Aha	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ico\UndoClass_Aha\ = "icofile"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.icl\UndoClass_Aha\ = "IconLibraryFile"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\iclFile_Aha\DefaultIcon	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\nilFile_Aha\shell\ = "Open"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8C6A06C-8000-4151-2087-5C1CFECFF48A}\MiscStatus\	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8C6A06C-8000-4151-2087-5C1CFECFF48A}\ToolboxBitmap32\ = "%systemroot%\\SysWow64\\mstscax.dll"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\nilFile_Aha\shell\Open	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\icofile_Aha\DefaultIcon\ = "%1"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8C6A06C-8000-4151-2087-5C1CFECFF48A}\InprocServer32	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8C6A06C-8000-4151-2087-5C1CFECFF48A}\VersionIndependentProgID	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.icl	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\iclFile_Aha\shell	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ilFile_Aha\shell\Open\Command	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\nilFile_Aha\DefaultIcon\ = "%1"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.icl\Content Type = "Icon Library"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\iclFile_Aha\shell\Open	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icofile_Aha\shell	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\icofile_Aha\ = "Windows Icon"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icofile_Aha\DefaultIcon	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8C6A06C-8000-4151-2087-5C1CFECFF48A}\ProgID\ = "MsTscAx.MsTscAx.1"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ico\ = "icofile_Aha"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\nilFile_Aha\ = "Icon Library"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8C6A06C-8000-4151-2087-5C1CFECFF48A}\Control\	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8C6A06C-8000-4151-2087-5C1CFECFF48A}\Programmable\	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8C6A06C-8000-4151-2087-5C1CFECFF48A}\TypeLib\ = "{E1512222-E84C-9384-3594-1882C2AEC9F4}"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ilFile_Aha\shell\ = "Open"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ilFile_Aha\DefaultIcon	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\nilFile_Aha\shell\Open\Command	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.ico\UndoClass_Aha	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\icofile_Aha\shell\Open\Command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe \"%1\""	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8C6A06C-8000-4151-2087-5C1CFECFF48A}\VersionIndependentProgID\ = "MsTscAx.MsTscAx"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.icl\UndoClass_Aha	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ilFile_Aha\shell\Open\Command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe \"%1\""	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ilFile_Aha\ = "Icon Library"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ilFile_Aha\DefaultIcon\ = "%1"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.nil	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8C6A06C-8000-4151-2087-5C1CFECFF48A}\VersionIndependentProgID\	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.il\ = "ilFile_Aha"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.nil\ = "nilFile_Aha"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8C6A06C-8000-4151-2087-5C1CFECFF48A}\Control	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8C6A06C-8000-4151-2087-5C1CFECFF48A}\ProgID	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8C6A06C-8000-4151-2087-5C1CFECFF48A}\Version\	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8C6A06C-8000-4151-2087-5C1CFECFF48A}\Version\ = "1.0"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8C6A06C-8000-4151-2087-5C1CFECFF48A}\MiscStatus\ = "0"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D8C6A06C-8000-4151-2087-5C1CFECFF48A}\ToolboxBitmap32\	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\iclFile_Aha\ = "Icon Library"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe"
1⤵
- Modifies registry class
PID:696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\config.ini

Filesize
58B

MD5
92654798c3f8efee49867992e2497af8

SHA1
0c50c1d35c1dde5280d924be821ca2c943e012be

SHA256
004723f1be6f0fe8d45c786730f46d364a1407fdd200db505a7796c8c4fc7b27

SHA512
3a6e5cf23b604e54d04377cfab79d5a17cb6a5d7db9f7afc5e217cece9d6a234b2b6c145237830ff43af9d78d951531b1e5eda279298300eb94886832fa6a787

Download Submit
memory/696-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/696-13-0x0000000000400000-0x00000000005B2000-memory.dmp

Filesize
1.7MB

Download
memory/696-20-0x0000000000400000-0x00000000005B2000-memory.dmp

Filesize
1.7MB

Download
memory/696-27-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/696-28-0x0000000000400000-0x00000000005B2000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads