da1bf0805cca5ff663a7bd77d93a69b540c3c98b735c6056ae0544d4439a5a02

Analysis

max time kernel
139s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 12:49

Target

633da74d4cf9296b91557a20acbe4897_JaffaCakes118.exe
Size

87KB
MD5

633da74d4cf9296b91557a20acbe4897
SHA1

d808a743eb2ce4fd1ec9ac7db76441050f40ba37
SHA256

da1bf0805cca5ff663a7bd77d93a69b540c3c98b735c6056ae0544d4439a5a02
SHA512

56ed52fabd191036db8a76d6a9aeda96d50db59a56554c9911b142dd494f3d0bd7988373e34d34f8f9b16b19ff7d6b1e067f8807f9418826b6e6fd92b5d447b8
SSDEEP

1536:4L/IV1t+0Z/won4z4b75JjrQHyt7qbW6vdRLWIVTpag2uk2:7+0WonQEJjk2U1LBV1quk2

Score

7^/10

Loads dropped DLL 2 IoCs

pid	Process
436	633da74d4cf9296b91557a20acbe4897_JaffaCakes118.exe
436	633da74d4cf9296b91557a20acbe4897_JaffaCakes118.exe

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\Mfc42.sys	633da74d4cf9296b91557a20acbe4897_JaffaCakes118.exe
File opened for modification	C:\Program Files\Internet Explorer\Mfc42.sys	633da74d4cf9296b91557a20acbe4897_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\Mfc42.tdm	633da74d4cf9296b91557a20acbe4897_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\tray.cur	633da74d4cf9296b91557a20acbe4897_JaffaCakes118.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4168	436	WerFault.exe	83

Modifies Control Panel 3 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\Cursors	633da74d4cf9296b91557a20acbe4897_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\Cursors\AppStarting = "C:\\Program Files\\Internet Explorer\\tray.cur"	633da74d4cf9296b91557a20acbe4897_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1935655697-1844237615-839522115-1003\Control Panel\Cursors	633da74d4cf9296b91557a20acbe4897_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
436	633da74d4cf9296b91557a20acbe4897_JaffaCakes118.exe
436	633da74d4cf9296b91557a20acbe4897_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
436	633da74d4cf9296b91557a20acbe4897_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\633da74d4cf9296b91557a20acbe4897_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\633da74d4cf9296b91557a20acbe4897_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:436
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 584
  2⤵
  - Program crash
  PID:4168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 436 -ip 436
1⤵
PID:2184

C:\Program Files\Internet Explorer\Mfc42.tdm

Filesize
58KB

MD5
9f776c2b92c5410be200ff1d81a5421e

SHA1
bbcdbdc3083a8a87c7322209cf40250876f7c605

SHA256
025237af24964d421eb6e4e93948e32396f76f0678e11058498a468e10e8b309

SHA512
467d1e13719faf93430d6680ec0e7a0a76bf33e72502301798b1b01a9eb75609c238a7e17a352de106477396dd8017a7264622c5c21d51fdcb2466db3bb6b1d4

Download Submit
memory/436-7-0x0000000002950000-0x0000000002963000-memory.dmp

Filesize
76KB

Download
memory/436-10-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/436-11-0x0000000002950000-0x0000000002963000-memory.dmp

Filesize
76KB

Download