9fbd41248dd7319b3f1a1631a2186c73f49641b13b3773c5f399d085793c4ca5

Analysis

max time kernel
147s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 20:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Size

641KB
MD5

5d88b6820a2c0cefde6acb2a23e8fc21
SHA1

61e53c1ec5ed9a09ebb3840ab8c13d4b40d454f2
SHA256

9fbd41248dd7319b3f1a1631a2186c73f49641b13b3773c5f399d085793c4ca5
SHA512

83753d8c11b6af04196f225674b8f451823ae95561bdd63458fdd23faa06ca630d3d5040924c1b6ddf94ac74ebc670abe8f6cb610980e682ebd1054a0b62fbc5
SSDEEP

12288:y38U/9L9e7+nZM564Fbo7ClXtx/zwWDEE2Ppy1FeDlq:4jA5doCptXDE5uFYQ

Score

1^/10

Malware Config

Signatures

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ilFile_Aha\shell\Open\Command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe \"%1\""	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.nil\Content Type = "Icon Library"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5593CB90-AD2E-4BFF-D7B4-7924D04C6E9F}\InProcServer32\	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5593CB90-AD2E-4BFF-D7B4-7924D04C6E9F}\TypeLib\	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\iclFile_Aha	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.nil	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ico\UndoClass_Aha\ = "icofile"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icofile_Aha\shell\Open	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\icofile_Aha\shell\Open\Command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe \"%1\""	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\icofile_Aha\DefaultIcon\ = "%1"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5593CB90-AD2E-4BFF-D7B4-7924D04C6E9F}\InProcServer32	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.icl	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.il	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ilFile_Aha\DefaultIcon	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\.ico\ = "icofile_Aha"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icofile_Aha	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5593CB90-AD2E-4BFF-D7B4-7924D04C6E9F}\ProgID\ = "Msxml2.XMLSchemaCache"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5593CB90-AD2E-4BFF-D7B4-7924D04C6E9F}\VersionIndependentProgID\	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\icofile_Aha\shell\ = "Open"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\.ico	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.ico\UndoClass_Aha	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.icl\UndoClass_Aha	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\iclFile_Aha\shell\Open\Command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe \"%1\""	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ilFile_Aha\DefaultIcon\ = "%1"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\nilFile_Aha\shell\ = "Open"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\nilFile_Aha\shell\Open\Command	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\icofile_Aha\ = "Windows Icon"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5593CB90-AD2E-4BFF-D7B4-7924D04C6E9F}\TypeLib	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5593CB90-AD2E-4BFF-D7B4-7924D04C6E9F}\VersionIndependentProgID	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.icl\Content Type = "Icon Library"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\iclFile_Aha\DefaultIcon\ = "%1"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\nilFile_Aha\DefaultIcon	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\nilFile_Aha\DefaultIcon\ = "%1"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5593CB90-AD2E-4BFF-D7B4-7924D04C6E9F}	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5593CB90-AD2E-4BFF-D7B4-7924D04C6E9F}\ProgID	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.il\ = "ilFile_Aha"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icofile_Aha\shell	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5593CB90-AD2E-4BFF-D7B4-7924D04C6E9F}\Version	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.nil\ = "nilFile_Aha"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\nilFile_Aha\shell	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.icl\UndoClass_Aha\ = "IconLibraryFile"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\iclFile_Aha\shell	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\iclFile_Aha\DefaultIcon	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.il\Content Type = "Icon Library"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\nilFile_Aha\shell\Open\Command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe \"%1\""	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5593CB90-AD2E-4BFF-D7B4-7924D04C6E9F}\ProgID\	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.icl\ = "iclFile_Aha"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ilFile_Aha\ = "Icon Library"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5593CB90-AD2E-4BFF-D7B4-7924D04C6E9F}\	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5593CB90-AD2E-4BFF-D7B4-7924D04C6E9F}\VersionIndependentProgID\ = "Msxml2.XMLSchemaCache"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ilFile_Aha	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\nilFile_Aha	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icofile_Aha\shell\Open\Command	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\iclFile_Aha\shell\Open\Command	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\icofile_Aha\DefaultIcon	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5593CB90-AD2E-4BFF-D7B4-7924D04C6E9F}\TypeLib\ = "{B18247D2-B910-A7F5-5FED-09647B965391}"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5593CB90-AD2E-4BFF-D7B4-7924D04C6E9F}\Version\	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\iclFile_Aha\shell\Open	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\nilFile_Aha\ = "Icon Library"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5593CB90-AD2E-4BFF-D7B4-7924D04C6E9F}\Version\ = "3.0"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\iclFile_Aha\shell\ = "Open"	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ilFile_Aha\shell\Open\Command	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\nilFile_Aha\shell\Open	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4264	5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d88b6820a2c0cefde6acb2a23e8fc21_JaffaCakes118.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:4264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\config.ini

Filesize
58B

MD5
92654798c3f8efee49867992e2497af8

SHA1
0c50c1d35c1dde5280d924be821ca2c943e012be

SHA256
004723f1be6f0fe8d45c786730f46d364a1407fdd200db505a7796c8c4fc7b27

SHA512
3a6e5cf23b604e54d04377cfab79d5a17cb6a5d7db9f7afc5e217cece9d6a234b2b6c145237830ff43af9d78d951531b1e5eda279298300eb94886832fa6a787

Download Submit
memory/4264-0-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/4264-13-0x0000000000400000-0x00000000005B2000-memory.dmp

Filesize
1.7MB

Download
memory/4264-20-0x0000000000400000-0x00000000005B2000-memory.dmp

Filesize
1.7MB

Download
memory/4264-27-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/4264-28-0x0000000000400000-0x00000000005B2000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads