10acf23ad72c3786aa27ed5463c441fa287f82ba41664dbb0bf609f160ad46eb

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 05:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a153ec4db0760140ce913c6ae071e5c5_JaffaCakes118.exe
Size

48KB
MD5

a153ec4db0760140ce913c6ae071e5c5
SHA1

dd317aeebb2dc02263dd90084f3b6ea83900b49b
SHA256

10acf23ad72c3786aa27ed5463c441fa287f82ba41664dbb0bf609f160ad46eb
SHA512

f1f1535dc5b17614f6ddee174f97722c689ae0e477a7e04232e15314a7f5a4f0bf701459bc87bba312a87ba77680d8575413853c2d7da429d5bf6907168da170
SSDEEP

1536:3Ex00EZas/1dLmmrlbl0kkGIXDiQS/K2o8MDCytnouy8D:3EwKEdl0kOTSE8stVout

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2276-0-0x0000000000400000-0x000000000047B000-memory.dmp	upx
behavioral1/memory/2276-2-0x0000000000400000-0x000000000047B000-memory.dmp	upx
behavioral1/memory/2276-7-0x0000000000400000-0x000000000047B000-memory.dmp	upx
behavioral1/memory/2276-8-0x0000000000400000-0x000000000047B000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\c7c5cedcc7cdc384cfd2cf = "C:\\Users\\Admin\\vmgi.exe"	a153ec4db0760140ce913c6ae071e5c5_JaffaCakes118.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2276	a153ec4db0760140ce913c6ae071e5c5_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a153ec4db0760140ce913c6ae071e5c5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a153ec4db0760140ce913c6ae071e5c5_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: RenamesItself
PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2276-0-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/2276-2-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/2276-7-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/2276-8-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads