c4bea3df52f2813fa0677cabedcac644965596d5ccf4b341c9c21c57a1688654

Analysis

max time kernel
149s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20-09-2024 17:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
Size

35KB
MD5

ee118201674e897c181b8fc82c7c9cb0
SHA1

1d794ce7803b32b1ef9c86fff2f6178444d3bd98
SHA256

c4bea3df52f2813fa0677cabedcac644965596d5ccf4b341c9c21c57a1688654
SHA512

0fc1fec146c3e4a64cc6309066a855d5bb0e611886ef79bec0825bcd6e2abc9f5b1299e306af4ebf2256c1d25d7f1c8e59375018d3ae9fe638150e5c5adba5b7
SSDEEP

384:umlmnjptCkQHjttlgAoWmn9KEmxudHjLf45+/+UfvlRux9eT0pqfAxg3+jEZWKgi:umlmnjpMkSej4zxudHXX2jiZWHi

Score

10^/10

persistence

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
03704132

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ = "C:\\Users\\Admin\\AppData\\Local\\ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe"	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4760	ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ee118201674e897c181b8fc82c7c9cb0_JaffaCakes118.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4760-0-0x00007FFB45405000-0x00007FFB45406000-memory.dmp

Filesize
4KB

Download
memory/4760-1-0x000000001BB70000-0x000000001BC16000-memory.dmp

Filesize
664KB

Download
memory/4760-2-0x00007FFB45150000-0x00007FFB45AF1000-memory.dmp

Filesize
9.6MB

Download
memory/4760-3-0x000000001C1B0000-0x000000001C67E000-memory.dmp

Filesize
4.8MB

Download
memory/4760-4-0x00007FFB45150000-0x00007FFB45AF1000-memory.dmp

Filesize
9.6MB

Download
memory/4760-5-0x000000001C720000-0x000000001C7BC000-memory.dmp

Filesize
624KB

Download
memory/4760-6-0x00000000015B0000-0x00000000015B8000-memory.dmp

Filesize
32KB

Download
memory/4760-7-0x000000001C8C0000-0x000000001C90C000-memory.dmp

Filesize
304KB

Download
memory/4760-8-0x00007FFB45150000-0x00007FFB45AF1000-memory.dmp

Filesize
9.6MB

Download
memory/4760-12-0x00007FFB45405000-0x00007FFB45406000-memory.dmp

Filesize
4KB

Download
memory/4760-13-0x00007FFB45150000-0x00007FFB45AF1000-memory.dmp

Filesize
9.6MB

Download
memory/4760-14-0x00007FFB45150000-0x00007FFB45AF1000-memory.dmp

Filesize
9.6MB

Download
memory/4760-15-0x00007FFB45150000-0x00007FFB45AF1000-memory.dmp

Filesize
9.6MB

Download