a48913d430afe4a862347967a0d5057dad9402e6cad2632a1f1dc6e211f9d933

Analysis

max time kernel
143s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 10:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

62eb8e4fb78136377ab873b0bc17be34_JaffaCakes118.exe
Size

390KB
MD5

62eb8e4fb78136377ab873b0bc17be34
SHA1

1ac5e044ff23b640f95f7074fc872085e6df7a98
SHA256

a48913d430afe4a862347967a0d5057dad9402e6cad2632a1f1dc6e211f9d933
SHA512

51b802d02234e9240036f595f12ad55a74e0d3c1550c98833685261c4951e422b331e699170ec60b90403200dcdeaaaf49211dd1af24dd0485aecb99347f27fd
SSDEEP

6144:q752R1fAlWroZWSIj2WSfH5yMrbEQl1qJ4/FefHuglbZ8Jin/laBD:82R1YlrZbfH5xgQl1M40Ht78JiNaBD

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\cmrss = "C:\\Windows\\system32\\cmrss.exe"	62eb8e4fb78136377ab873b0bc17be34_JaffaCakes118.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\msbdc.exe	62eb8e4fb78136377ab873b0bc17be34_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\mscxa.exe	62eb8e4fb78136377ab873b0bc17be34_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\msgfb.exe	62eb8e4fb78136377ab873b0bc17be34_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\msbcb.exe	62eb8e4fb78136377ab873b0bc17be34_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\62eb8e4fb78136377ab873b0bc17be34_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\62eb8e4fb78136377ab873b0bc17be34_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\msbcb.exe

Filesize
186B

MD5
ddd7b9de2762817229b19dcca8e0c7ee

SHA1
709f7e1d87760ac2fd5423af466ddfc04090f1bd

SHA256
ed0c11884bf8d6680a7b9d9f96795df47aeaec1390d1d27acc228f80199aa72a

SHA512
80af0d507dcf9daed8bf0e967618a5fc4b5541076527f8b3af458b480bbeb060ffb6d2fc6c54eac1c2aab7e18192b8a00b8b4e9ae3dfc8cb809bcac1b25d86ec

Download Submit
memory/2304-0-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/2304-1-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/2304-3-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/2304-7-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads