a987fcfbb02e4ead8d6d3b6c99b9f1e8170d535e183ddd9300e937afdf9544b1

Analysis

max time kernel
140s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Size

681KB
MD5

5d78b8c6d041b87bf22540c3b3523b39
SHA1

b58cb35fbe40ef9258d45e108dc9e717232d5cc0
SHA256

a987fcfbb02e4ead8d6d3b6c99b9f1e8170d535e183ddd9300e937afdf9544b1
SHA512

6b479c541774109c7a2a5396297e01cf80679efb18a65a1d4f5271ab720d03945a9b5cc5b1d919fb6522945e278c54c50d73f64e9442b8e8c9a61145c8c5d84a
SSDEEP

12288:CG0ObNwOHlcmCNxY+Y1GJfRyl84190bHkzUwQ6b7MP+Dd2E9Akr:CyFcmYY1GJJyBcH0U67MP+h22D

Score

1^/10

Malware Config

Signatures

Modifies registry class 36 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E11EC019-7930-40A3-858B-AFA12B33354A}\InprocServer32	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E11EC019-7930-40A3-858B-AFA12B33354A}\InprocServer32\ = "%ProgramFiles(x86)%\\Windows Photo Viewer\\PhotoAcq.dll"	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACF2C4CE-AEAB-6DDD-07C0-D5C5B7785107}\	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACF2C4CE-AEAB-6DDD-07C0-D5C5B7785107}\1.0\HELPDIR\	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E11EC019-7930-40A3-858B-AFA12B33354A}\ProgID	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACF2C4CE-AEAB-6DDD-07C0-D5C5B7785107}\1.0	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACF2C4CE-AEAB-6DDD-07C0-D5C5B7785107}\1.0\FLAGS	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E11EC019-7930-40A3-858B-AFA12B33354A}\TypeLib\	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E11EC019-7930-40A3-858B-AFA12B33354A}\Version\	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E11EC019-7930-40A3-858B-AFA12B33354A}\Version\ = "1.0"	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E11EC019-7930-40A3-858B-AFA12B33354A}	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E11EC019-7930-40A3-858B-AFA12B33354A}\InprocServer32\	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACF2C4CE-AEAB-6DDD-07C0-D5C5B7785107}	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACF2C4CE-AEAB-6DDD-07C0-D5C5B7785107}\1.0\	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACF2C4CE-AEAB-6DDD-07C0-D5C5B7785107}\1.0\ = "wkspbrokerLib"	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACF2C4CE-AEAB-6DDD-07C0-D5C5B7785107}\1.0\HELPDIR\ = "%systemroot%\\system32"	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E11EC019-7930-40A3-858B-AFA12B33354A}\VersionIndependentProgID	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E11EC019-7930-40A3-858B-AFA12B33354A}\VersionIndependentProgID\	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACF2C4CE-AEAB-6DDD-07C0-D5C5B7785107}\1.0\0	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E11EC019-7930-40A3-858B-AFA12B33354A}\TypeLib\ = "{ACF2C4CE-AEAB-6DDD-07C0-D5C5B7785107}"	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E11EC019-7930-40A3-858B-AFA12B33354A}\VersionIndependentProgID\ = "Microsoft.PhotoAcqDeviceSelectionDlg"	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E11EC019-7930-40A3-858B-AFA12B33354A}\ = "Redoq.Sihisixqo.Ihihip Class"	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E11EC019-7930-40A3-858B-AFA12B33354A}\ProgID\ = "Microsoft.PhotoAcqDeviceSelectionDlg.1"	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACF2C4CE-AEAB-6DDD-07C0-D5C5B7785107}\1.0\0\	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACF2C4CE-AEAB-6DDD-07C0-D5C5B7785107}\1.0\0\win32\	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACF2C4CE-AEAB-6DDD-07C0-D5C5B7785107}\1.0\0\win32\ = "%systemroot%\\SysWow64\\wkspbroker.exe"	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACF2C4CE-AEAB-6DDD-07C0-D5C5B7785107}\1.0\FLAGS\ = "0"	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E11EC019-7930-40A3-858B-AFA12B33354A}\ProgID\	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACF2C4CE-AEAB-6DDD-07C0-D5C5B7785107}\1.0\HELPDIR	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E11EC019-7930-40A3-858B-AFA12B33354A}\TypeLib	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACF2C4CE-AEAB-6DDD-07C0-D5C5B7785107}\1.0\0\win32	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACF2C4CE-AEAB-6DDD-07C0-D5C5B7785107}\1.0\FLAGS\	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E11EC019-7930-40A3-858B-AFA12B33354A}\Version	5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5d78b8c6d041b87bf22540c3b3523b39_JaffaCakes118.exe"
1⤵
- Modifies registry class
PID:4156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4156-0-0x0000000000400000-0x000000000055B000-memory.dmp

Filesize
1.4MB

Download
memory/4156-1-0x0000000002300000-0x0000000002330000-memory.dmp

Filesize
192KB

Download
memory/4156-2-0x00000000022E0000-0x00000000022E4000-memory.dmp

Filesize
16KB

Download
memory/4156-3-0x00000000022D0000-0x00000000022D6000-memory.dmp

Filesize
24KB

Download
memory/4156-5-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download
memory/4156-9-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/4156-8-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/4156-7-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/4156-6-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/4156-4-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/4156-12-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/4156-11-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/4156-14-0x0000000000400000-0x000000000055B000-memory.dmp

Filesize
1.4MB

Download
memory/4156-15-0x0000000002300000-0x0000000002330000-memory.dmp

Filesize
192KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads