ad582087a9e831f6a0c650a485d229c7121da9dbcd46bb6b3dcf5d4357929718

Analysis

max time kernel
135s
max time network
136s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11-08-2024 13:15

Target

8a7f559ec10e89ad12bbe9a343b2d663_JaffaCakes118.exe
Size

9KB
MD5

8a7f559ec10e89ad12bbe9a343b2d663
SHA1

480581b6feb29f533b6d01a6e2eb938fa41ca422
SHA256

ad582087a9e831f6a0c650a485d229c7121da9dbcd46bb6b3dcf5d4357929718
SHA512

71d28ae3d04eddd3e2f06b957008509c212a8c8c9f177f5ec862c46513d3eeb5274ef3222130f555633f46a71741a6ac3cb9da2c8982950d1bcc203fdcf10a9a
SSDEEP

192:qnTL5341b8R4DHrPXLOodr9u1/KVBK7lR:qf90b8CPvbd41/GK7l

Score

8^/10

persistence

Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

Active Setup

Modify Registry

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{bfb88400-3730-8c85-8c85-48411d990dbd}	8a7f559ec10e89ad12bbe9a343b2d663_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{bfb88400-3730-8c85-8c85-48411d990dbd}\StubPath = "C:\\Windows\\system32\\icm\\lsass.exe /t"	8a7f559ec10e89ad12bbe9a343b2d663_JaffaCakes118.exe

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

Peripheral Device Discovery

System Information Discovery

description	ioc	Process
File opened (read-only)	\??\e:	8a7f559ec10e89ad12bbe9a343b2d663_JaffaCakes118.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\icm\lsass.exe	8a7f559ec10e89ad12bbe9a343b2d663_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\icm\lsass.exe	8a7f559ec10e89ad12bbe9a343b2d663_JaffaCakes118.exe