Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
22/07/2024, 11:06
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
62fc5337d0d7302425a2df049be40e66_JaffaCakes118.exe
Resource
win7-20240705-en
windows7-x64
8 signatures
150 seconds
Behavioral task
behavioral2
Sample
62fc5337d0d7302425a2df049be40e66_JaffaCakes118.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
8 signatures
150 seconds
General
-
Target
62fc5337d0d7302425a2df049be40e66_JaffaCakes118.exe
-
Size
100KB
-
MD5
62fc5337d0d7302425a2df049be40e66
-
SHA1
42ae30a6cdbdd028c157d29079ae92a1c16d0f7b
-
SHA256
604e78d3163fc382a04d3f91a3faa0eabd2b4fedb15d392dd7558837ee118f95
-
SHA512
9ff6b6a370ba75219e5b087eab746ae69a120d4091791a551b58ab8dfc474e0d2b12025fe37d6a1c8c11ee99e2e92f4b6576057ae577e859e5c0dfa232b28445
-
SSDEEP
1536:7PtGK82NTzwTMGAc4ohrPXo+73Rez8b0Sy2NIjnZMd:9wGurPX7C2Cned
Score
10/10
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" 62fc5337d0d7302425a2df049be40e66_JaffaCakes118.exe Set value (int) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" diufub.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation 62fc5337d0d7302425a2df049be40e66_JaffaCakes118.exe -
Executes dropped EXE 1 IoCs
pid Process 2128 diufub.exe -
Adds Run key to start application 2 TTPs 53 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /T" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /d" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /j" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /E" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /Y" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /q" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /L" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /O" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /f" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /X" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /C" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /Q" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /H" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /G" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /Z" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /w" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /P" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /k" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /e" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /V" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /c" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /a" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /q" 62fc5337d0d7302425a2df049be40e66_JaffaCakes118.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /B" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /t" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /b" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /W" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /g" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /K" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /v" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /s" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /S" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /A" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /U" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /J" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /u" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /x" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /R" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /h" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /n" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /D" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /I" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /o" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /z" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /i" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /y" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /m" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /N" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /p" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /F" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /l" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /r" diufub.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diufub = "C:\\Users\\Admin\\diufub.exe /M" diufub.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 3896 62fc5337d0d7302425a2df049be40e66_JaffaCakes118.exe 3896 62fc5337d0d7302425a2df049be40e66_JaffaCakes118.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe 2128 diufub.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 3896 62fc5337d0d7302425a2df049be40e66_JaffaCakes118.exe 2128 diufub.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3896 wrote to memory of 2128 3896 62fc5337d0d7302425a2df049be40e66_JaffaCakes118.exe 91 PID 3896 wrote to memory of 2128 3896 62fc5337d0d7302425a2df049be40e66_JaffaCakes118.exe 91 PID 3896 wrote to memory of 2128 3896 62fc5337d0d7302425a2df049be40e66_JaffaCakes118.exe 91
Processes
-
C:\Users\Admin\AppData\Local\Temp\62fc5337d0d7302425a2df049be40e66_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\62fc5337d0d7302425a2df049be40e66_JaffaCakes118.exe"1⤵
- Modifies visiblity of hidden/system files in Explorer
- Checks computer location settings
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3896 -
C:\Users\Admin\diufub.exe"C:\Users\Admin\diufub.exe"2⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2128
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
100KB
MD522a24f5559bcdddd85dd35ae76078c08
SHA16dcf690939eebf8ac1f9b895048062894020e3d4
SHA256a4c464a9ef6550b01415ec157c7c23c1c9cec96231a0c6ff8c864e1f3804f1e1
SHA512ab44b6d20bd199ddb6e6d5ca7381cc77a76ca6b0ad17866d7ab5cdab51f80c32f29ec302f6f1419d3a9d389ce4df979b259ece5ac10bf9467c9c69f2caee1ac4