Overview

overview

10

Static

static

3

JaffaCakes...86.exe

windows7-x64

10

JaffaCakes...86.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-01-2025 05:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_4964e20c78ec9af68bac8a4684fa1b86.exe

  • Size

    959KB

  • MD5

    4964e20c78ec9af68bac8a4684fa1b86

  • SHA1

    ce11c2a1775b1fc300bdf5caae2fd3e3a654dab1

  • SHA256

    b98b4a58ffc62e2300baa88e627c709a0b8a2eaecfecabe9f93a6b3db4902b23

  • SHA512

    9a284ba56e8e1a226179e88a49ff7e9a5b361bbc845aed4beb38e2aca81d7313270d2f9a75760106a0043aba83aabd3c33be18bb1ac2756e03f2a641988748f7

  • SSDEEP

    24576:vPfAPgUYrPXPWeB7S53PW6DmIUVPulHTb9OLf:vXAqrP/WH5/WUmIUVWVTb9OL

Score
8/10
discoveryevasiontrojan

Malware Config

Signatures

  • Disables taskbar notifications via registry modification
    evasion
  • Executes dropped EXE 9 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 42 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 8 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 40 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4964e20c78ec9af68bac8a4684fa1b86.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4964e20c78ec9af68bac8a4684fa1b86.exe"
    1⤵
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1364
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Windows security modification
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • System policy modification
    PID:892
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:3944
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:1036
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:536
    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:2404
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:1780
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      PID:3604
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:4828
    • C:\Windows\system32\msiexec.exe
      C:\Windows\system32\msiexec.exe /V
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:1996
    • C:\Windows\servicing\TrustedInstaller.exe
      C:\Windows\servicing\TrustedInstaller.exe
      1⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:924

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      Filesize

      1.9MB

      MD5

      aae541f66f8d7cfba778118461db1c2f

      SHA1

      55a1ea360843a3fa734a6528ea584beef3b0b9ec

      SHA256

      3a5312c3ed20e743f26d29cb33486f88037160e8f905f87cad957e21879bdfe2

      SHA512

      31e5f2343140fc6c6dc989b82200f6c77621d83eb4bac0db56996a6bba697c29e0aadb478c6a687e616b702ac443aa3cdd995bf694d08a5d1cd2a140b2401a34

      Download Submit

    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      Filesize

      621KB

      MD5

      6eb5c3b327142ffd8658c55162116561

      SHA1

      f0218c95c61d34b1cc6e5592e87012965afedbd2

      SHA256

      b1c3fd523157c49594235a18962b744fe8e3f4cc2234f3b359b6891090a67ec3

      SHA512

      8a81de3ced99918542b19133ba6a5f1d425d1392212b8a00f42d4e9d5a7dfe0c2be92cb7a44fb4211c34af51379d671418efb88202ae61ff67d6a45f24a11581

      Download Submit

    • C:\Program Files\7-Zip\7z.exe
      Filesize

      940KB

      MD5

      6ccaf6110363badae2e65aea9d36857b

      SHA1

      e302e8d257e48b5aef25bc140090484dca684cd7

      SHA256

      1487b2e229eb776d88e6b6e53f187e3dabb299819895dae6b93277897460f976

      SHA512

      71a71809a78a804a24681a0dab19db732d2fd636bcec5d65d26996b2a82959cb3dfc44b97e9aeedc4aa8d8825757032c7f1f33a63b6708537e08d82c5d5bcefc

      Download Submit

    • C:\Program Files\7-Zip\7zFM.exe
      Filesize

      1.3MB

      MD5

      8c0a85296ac879a406a9ddeb1737013c

      SHA1

      8dd0abf3b100744c0226ebcec5e4c7cc3a2560ab

      SHA256

      fc40271942719eec4a5a2603eba2430e72c15d76a73b45636579d0b4dd0e2963

      SHA512

      ebf941f864d5978565a363ecf23462f0ea747b7d5b7be6c86b25fcfdb5076677918fba2f48f74b361a2a24105806d3c9723b3c93d2be1fdd46921cd0f2c1373d

      Download Submit

    • C:\Program Files\7-Zip\7zG.exe
      Filesize

      1.1MB

      MD5

      f90aab78c63f7af86d51b8021b68dcec

      SHA1

      0792ec85079ce8d92a14e808c569a5dd350e2b3a

      SHA256

      5d7f1932d4a790e45078b71ee64354bd2adfed399262c08a0a9bf5943158f4af

      SHA512

      c26bc995a680ff4d9fe15d37c128d5d0671b1757f443d8fcaabd7a0bc6514cf2e60af34a6ebfd08baa54e592d9ab741e050863cb04d633ac0a39ffcbe339652f

      Download Submit

    • C:\Program Files\7-Zip\Uninstall.exe
      Filesize

      410KB

      MD5

      f66ebc15ef94582ef3d8cd0fba4eaca3

      SHA1

      a8ff1098c01b8279870c7663f86e7f709a122cae

      SHA256

      0b8f9a72413675dec4abf3d946644a0f768db386f11615903e8bc3bf1866a314

      SHA512

      f2d4af61311b189d32f4e932f161d8a35c3c7804db8e4d112910661524f61fd75cfa72c25e115da6d56ae5370758fe24473f36443c9620aca6cd4fa69215a0f4

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
      Filesize

      672KB

      MD5

      b568caa36e5947581a9720dae971afe7

      SHA1

      b104cc36db5b4db1b7f9c2edbcddb140282f061d

      SHA256

      b123e061a2c9d9c3a7722d1181a86f3e699c15ce5fe269a67b873234865844a2

      SHA512

      59f3281a052a63e4e633020d9db14122788aacb26249a4b43d639aa45d93be40cd98ef00e24be20642a08943464755e5de1ce0e7b038305fe51cb360cbfdc1ea

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
      Filesize

      4.5MB

      MD5

      2ef251de30742387ee54d99215e7c0d8

      SHA1

      703850acb2f39380b69fa8312b994c12cb3d32fc

      SHA256

      c1f58047f8490b7209ebf8dccf383ad380aff8a6775bf14f0eb9dfc14f39dfba

      SHA512

      1bcf5839c0fd5ece7866b4b0404168f1fe1c2644d349e9a40ac693d8cb51bac1c4522c2a3d949b333afe0c6850f296b7ebe5d787f0fd717754000aa38a10737f

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
      Filesize

      738KB

      MD5

      fdfc4a1320310719ca5335e58c5972ed

      SHA1

      5d0765964c3a0433efcbe40cb3ae9682922f9f6a

      SHA256

      8036a74a98ed099389fc7682c11fac41171d17bdb7d0f16cac2e12585bd846ed

      SHA512

      a62370c0f68f144a8eff429c4cd308c346f3901e8a41c96a78b301acf8af40b5bfd5813e0bc1f3b2ecbe817bab42db1e72d2f977638f5e17896d3f61f634e67d

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
      Filesize

      23.8MB

      MD5

      37576d0f8af3e7f93e8b5db968306b75

      SHA1

      3d6fb60acb99c5dc76ef480bfe9097899bad3b4e

      SHA256

      ca8111ba79f9f5c65bab25c82c14020985bee40bda97cd6789ffce24ee532185

      SHA512

      11eddffc3cb8fb45b34c660a2c0ea9247ae6ba87051df589aedb854a91910b82cdf3da2bb8177e89e48e925c9871e4bad0419102fbc3f65b82f942126b825b62

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
      Filesize

      2.5MB

      MD5

      a21750f4b43b346d322d7fde343aefe2

      SHA1

      f47a6263ac0ee670b6e2293675fa4aff5070c53e

      SHA256

      147e9cab3f0c3c60d40cd0bef7792b20e9e3edc9520678dfcdb87364ac9c99d1

      SHA512

      7e195356e0f0a751c42dff719a7ae87069eb71d9ec6199808d61dd71dab1955e22145d1f5d253a5968ae524909209b3f977820a06df3883c0a5ba5fb3b1d31f3

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\Source Engine\bjjfajgg.tmp
      Filesize

      637KB

      MD5

      c3c01c7aded8e3d803465eb505f7ad46

      SHA1

      6710fd217607ba4f07f6064008da1b9b781a93f6

      SHA256

      ac9905c9b4f3920932af310e63e2ed7fa73d28ff24237295ee6555e4e574a258

      SHA512

      d3ac339d17188f3e04bbcde45c824de03fca4c6f17be45ede3e5cc6e0af0caf0f07ed75cb6e42f023de87fcf3dc2aaf5fcfdd3cef7f8dbe6647c5846afdc2afa

      Download Submit

    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
      Filesize

      2.0MB

      MD5

      55e60e4dab3a026ff15d8a33fc67f564

      SHA1

      3009af023d76739de13550d8482ef86924e3ddfc

      SHA256

      4cebff1d8aafa86beabf08f041dcba746576a64d9071ba1ef6779febe1e0f2fc

      SHA512

      2d424a47037df23f69310579d7f802f6e8c8082ccb628d3e71b69a81ea637a7b6d52e2d3290c9831a97039b37a910f25f051732f12315de8d4c0d2130096028e

      Download Submit

    • C:\Users\Admin\AppData\Local\mpejrcai\qncbpqei.tmp
      Filesize

      678KB

      MD5

      665b8afd15ec230f839660dc8c4d0490

      SHA1

      d1c9491bb0c918ab729be40bcec48e37cf28313f

      SHA256

      11295a5864428628160c4527828a7295d90e7342f642fd9f71c5d508f1a5811c

      SHA512

      78f8664ca5718a86707db474fd7da17cb2bfa1e83e836387f3efbb086919f7f89fb96343cc04214a46f754298a0d1eca221680561fcc7c62ba99e306e451bb83

      Download Submit

    • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
      Filesize

      487KB

      MD5

      f4a774c2b09f9394029beec25906d5dd

      SHA1

      70cf6ddfeebc665d3d7bef13da8b8d9b329ecdbf

      SHA256

      3bd91f4d8e3577a3ccf2f2f69407608291acdb3c643fde0e0e441fde50574fba

      SHA512

      6465f17f0b4bb40b6fc9074a022b6ad5d7e50f20a13faa0ab817fbd23606a433176b134a2adbd6c0a0930590a8a49d9bd2b4297793b5600e2c75bee03c2ae5a7

      Download Submit

    • C:\Windows\System32\FXSSVC.exe
      Filesize

      1.0MB

      MD5

      ebb79fc214377ee8df4bd6e999b396c4

      SHA1

      49ad9600c40918ee58d3c575c14d02e6cc73c163

      SHA256

      b26ecc08740f3bbc0accad7e4845452d2c130ae32b2a7feca970977c8aafcdb7

      SHA512

      609290737bcae7c07d6a292802ba6ee84e437e8e66f91984d72c479e9f19e44dc3c60b4e595243113047af6f68aaf63c2ef96704d1922898c734a2732a4c6690

      Download Submit

    • C:\Windows\System32\alg.exe
      Filesize

      489KB

      MD5

      2481ef5f972d2b0b657d59f6d3ae7e89

      SHA1

      a416a0c94e30401da2bf8699f32a7ccecfda3845

      SHA256

      9bf41d8bba76f1a8d09eda1be6c41b6308cd9e3e0c55e5a5fc40e6deeb48181b

      SHA512

      e5d41cfe52f55bb9ece18efb8667fd721bdd91f48b74247acad2661ec3f9e2d63c4995a789bf5e9b4ba34ee6ab00fb0d77c44cc0c39e4c7f397b6e9838ebb1cd

      Download Submit

    • C:\Windows\System32\msdtc.exe
      Filesize

      540KB

      MD5

      b0067341b2bebad0b0b35319d128e5b9

      SHA1

      cc829983715596985c01281c4187a0a9979eeda6

      SHA256

      e042652443bd97e44c97194629104a1649c5958846a36ad01f8d2f035cf1f41f

      SHA512

      d8510d827c6c5d91ade6afc7598aa001ba8a54ea826f9850106e93fbee330da5ca5f66a0b746b5cfcd4ac0ee7c44bc0949f6c3532efb32e22074809013f5e592

      Download Submit

    • C:\Windows\servicing\TrustedInstaller.exe
      Filesize

      193KB

      MD5

      805418acd5280e97074bdadca4d95195

      SHA1

      a69e4f03d775a7a0cc5ed2d5569cbfbb4d31d2d6

      SHA256

      73684e31ad4afe3fdc525b51ccaacc14d402c92db9c42e3fcbfe1e65524b1c01

      SHA512

      630a255950c0ae0983ae907d20326adea36ce262c7784428a0811b04726849c929bc9cea338a89e77447a6cec30b0889694158327c002566d3cf5be2bb88e4de

      Download Submit

    • C:\Windows\system32\msiexec.exe
      Filesize

      463KB

      MD5

      0a8050ed359429fde4c49b2ba66dd780

      SHA1

      6b15475632e6de552fb036fbd04f84491aed60fb

      SHA256

      1bfc8b7ff145053c0c8418858728d950310cb9d865b06af3403936e34064da00

      SHA512

      dc40c4a56da7ec86c1128ca6973c88da175e1af603935da82164b41c2dc267d77b32735814cdbcb0fcf5b417ed018489d5fa8def4ff955e5ab0d03a2a5d7e77c

      Download Submit

    • \??\c:\windows\system32\Appvclient.exe
      Filesize

      1.1MB

      MD5

      cab600eb2b610ab79b2b90f62b874662

      SHA1

      ac00db8e20b1e7bf38e4660aa15e1e77ab97ddf5

      SHA256

      5f7b7fe795605e7ef11a995e90b48e81411a9f3748f82addfd21a8c9158a2585

      SHA512

      3b8900889bd476997d593c89e808f471083676732476449c57494ee6a0deeadd00375584cf1bdba1134a894ea88d657752bccc622c4ba390d6cb3709741b9679

      Download Submit

    • memory/536-37-0x0000000140000000-0x00000001401C2000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/536-36-0x0000000140000000-0x00000001401C2000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/892-67-0x000000014000D000-0x000000014001C000-memory.dmp

      Filesize

      60KB

      Download

    • memory/892-50-0x0000000140000000-0x0000000140136000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/892-17-0x000000014000D000-0x000000014001C000-memory.dmp

      Filesize

      60KB

      Download

    • memory/1364-0-0x00007FF6F931A000-0x00007FF6F9329000-memory.dmp

      Filesize

      60KB

      Download

    • memory/1364-2-0x00007FF6F92F0000-0x00007FF6F949C000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/3944-87-0x0000000140000000-0x0000000140135000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/3944-29-0x0000000140000000-0x0000000140135000-memory.dmp

      Filesize

      1.2MB

      Download