Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
10-08-2024 13:46
General
-
Target
8649931b7b4dc33c2f8099a5b938aae0_JaffaCakes118.exe
-
Size
28KB
-
MD5
8649931b7b4dc33c2f8099a5b938aae0
-
SHA1
a3e767448e1d5b956cada9300a4df91f8a2cfea6
-
SHA256
a2be7fd93e2ee72e5513fb9738770ff721fc1eda63a73601529f7c88142ae8ec
-
SHA512
93ec2d16782abea21a6fdc2244e6dc7bb6d042b37906d69e88e077cd6af0fc04a2ef8429fbbab402dd7a47b894ad8e2112cda08622bcfe4a3d9bea76c05774e1
-
SSDEEP
384:/TwYrqgrAF1YtEEH+17X+4iJhjxqAt8oAdNBV1BV+Z46TklDp4hxFIg:/10mE6+VuzJ5wyAlV7V+i6T6uF
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops autorun.inf file 1 TTPs 4 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory 3 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8649931b7b4dc33c2f8099a5b938aae0_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\8649931b7b4dc33c2f8099a5b938aae0_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- Drops autorun.inf file
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\cmd.execmd /c c:\windows\system32\regedit.bat2⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
47B
MD57912e1992b7d70cec75b206af93d71c0
SHA135b235d1a4764e19fa4f37f7a95cd339436a79d0
SHA25619fb4b62c097917a13ad39e915b661560b0bf4b5578b128b4cb26ad886e5fba5
SHA512337058d6fab71ec09397849af6ff759b80578186fd19fe8f51fc19a62d19b75b2357566c38d2858e9584ec8e34c82e112c08979a0f8f87466c6c61aa1e0c2f19