265f4db3f2c052b6f7be099331ff230b849b11bfbfe365f22c12a93f11148dc9

Analysis

max time kernel
92s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 16:11

Target

0b81f4e32d31b9d6e113f54dd2584e3f_JaffaCakes118.jad
Size

48KB
MD5

0b81f4e32d31b9d6e113f54dd2584e3f
SHA1

f4d1b8932640de83612a53cfb5cd9615e1181c48
SHA256

265f4db3f2c052b6f7be099331ff230b849b11bfbfe365f22c12a93f11148dc9
SHA512

6c02b7691c9d4c7b209ab78f5112e001e9afb32d453b2e7309c5f14352a574a1971f6d5a0b31134781fc1402fe3f384bd63b1770b18d6bca9857a5f98c606c76
SSDEEP

768:4OvRdZMoUdCICGfgsBY4fjob8w1pzVCBl/GSaDQdZ/b/smaEQB0Gbh3YYih4M5hh://UdRCGIsySjw1LOl/Hb072rYih4MTh

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4784	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\0b81f4e32d31b9d6e113f54dd2584e3f_JaffaCakes118.jad
1⤵
- Modifies registry class
PID:3472

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact