0e35bfcc65d8cb1d5a083ced6a0a296d3ae50800cb4a749edafcb9807f07b16b

Analysis

max time kernel
150s
max time network
151s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-10-2024 06:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38bb6a90560b1bac15a03a0867a231e8_JaffaCakes118.exe
Size

58KB
MD5

38bb6a90560b1bac15a03a0867a231e8
SHA1

e0e2a8bfc9f363fa4ac5ca26d528ddcb50d7a2d1
SHA256

0e35bfcc65d8cb1d5a083ced6a0a296d3ae50800cb4a749edafcb9807f07b16b
SHA512

58703802aaf7846897005d612d24efdf16a9204adaa8060b28b53f1963467e6d525b686e5232598733cb880298c6de57245146eabfc51b8b1ca643986de86400
SSDEEP

1536:HTdEtmznUkJTbcBPQtXCUP5rKdQz4nBxP5liFkyO:zdE0znnbpDlszeFky

Score

1^/10

Malware Config

Signatures

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DC6ACE5C-E6F2-4B59-9F5E-4EC5028CC257}\LocalServer32	38bb6a90560b1bac15a03a0867a231e8_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DC6ACE5C-E6F2-4B59-9F5E-4EC5028CC257}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\38bb6a90560b1bac15a03a0867a231e8_JaffaCakes118.exe"	38bb6a90560b1bac15a03a0867a231e8_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DC6ACE5C-E6F2-4B59-9F5E-4EC5028CC257}	38bb6a90560b1bac15a03a0867a231e8_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DC6ACE5C-E6F2-4B59-9F5E-4EC5028CC257}\ = "bhzzcszerkshhtbr"	38bb6a90560b1bac15a03a0867a231e8_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1964	38bb6a90560b1bac15a03a0867a231e8_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1964	38bb6a90560b1bac15a03a0867a231e8_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\38bb6a90560b1bac15a03a0867a231e8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\38bb6a90560b1bac15a03a0867a231e8_JaffaCakes118.exe"
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1964-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1964-1-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-2-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-5-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-6-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-7-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-8-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-9-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-10-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-11-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-12-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-13-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-14-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-15-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-16-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-17-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-18-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-19-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-20-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-21-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-22-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-23-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-24-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-25-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-26-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-27-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-28-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-29-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-30-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-31-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-32-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-33-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-34-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-35-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-36-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-37-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-38-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-39-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-40-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-41-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-42-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-43-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-44-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-45-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-46-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-47-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-48-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-49-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-50-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-51-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-52-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-53-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-54-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-55-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-56-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-57-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-58-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-59-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-60-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-61-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-62-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-63-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-64-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-65-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-399-0x0000000000280000-0x000000000029E000-memory.dmp

Filesize
120KB

Download
memory/1964-2052-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download