Overview

overview

10

Static

static

3

JaffaCakes...0e.exe

windows7-x64

10

JaffaCakes...0e.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-01-2025 19:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_d0da8135857c0fcf60dfe3876e78540e.exe

  • Size

    678KB

  • MD5

    d0da8135857c0fcf60dfe3876e78540e

  • SHA1

    f3b45ff87192b2b2a9566e8555fe8cc7f388793d

  • SHA256

    edd9591cdee85a13fd3da4a1b9220b87c7c1ec1be671bb6764591f0ccb950d6d

  • SHA512

    268ea94b928b70f74b49a7f405ee7f00c181e37538ea128757c26836bdc9d8766e256f26415c51f2c35e5b2408ab48c6d181eb19c4665794f71648a5f8f368dd

  • SSDEEP

    12288:TIdZTfS73Xv/D80qhuiCUE1dcFHhY5aIAEir8FbsPbT:TfLiCVGFBY0I2We

Score
8/10
discoveryevasiontrojan

Malware Config

Signatures

  • Disables taskbar notifications via registry modification
    evasion
  • Executes dropped EXE 8 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 42 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 40 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d0da8135857c0fcf60dfe3876e78540e.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d0da8135857c0fcf60dfe3876e78540e.exe"
    1⤵
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4284
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Windows security modification
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • System policy modification
    PID:4224
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:1972
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:1856
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:4776
    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:884
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4580
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      PID:932
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:3716
    • C:\Windows\system32\msiexec.exe
      C:\Windows\system32\msiexec.exe /V
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:4644

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      Filesize

      1.9MB

      MD5

      6be19edffcdde55ae9fe823a209a3efb

      SHA1

      752c72add18bb412004f7dbb9b0cca54eb089d3a

      SHA256

      4adf0dc2d364fff2665f9ccabb9e44b6f471fa7db58d7edd814a5d32ec06f86b

      SHA512

      7e8f5767ff95a59dc4a345f3610d46dbdf7adf4e55318d0ab0f399f5e141dfc587b7d529cb191b1e1f0b808ac20dfead32ac9e73a84a06caad563d000fc66941

      Download Submit

    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      Filesize

      621KB

      MD5

      30d78638ebd506823da5b40d4f452386

      SHA1

      fb69554ef8ffc8403b9145cea5b9d0b69757a14b

      SHA256

      a5e4ca4570900ea8baab59f8da3f2f42a4857ed8c93a9e0b95c36cb52e87466f

      SHA512

      e8313966a9a1cae9596d7242f7164d0c5037db71a8925bed6dbea7570f5436ef9c3786bf7b02e6ab48a127f1cdc188d1aafffb0ecd82851cf755d65f5b9b37f0

      Download Submit

    • C:\Program Files\7-Zip\7z.exe
      Filesize

      940KB

      MD5

      4e4a31ff8587999149e3a5c1cf1b3fd0

      SHA1

      dc859ffed20448eb45b9cb11af00abd41700f083

      SHA256

      3ef3e9a968f8d08c0d8d398cf324c5eae4ab1b04e691dfd7ab25c83598833424

      SHA512

      06edf08c7b7dd38c65075ebedbefd1cb8318a080e97c9e164745814d55d2e1f8d564c29d7a2b0688dde6c84683a73c909dbd091c593a2bb6a78cbcebd222958d

      Download Submit

    • C:\Program Files\7-Zip\7zFM.exe
      Filesize

      1.3MB

      MD5

      cc307d18133eaec1a9b46e202c866d07

      SHA1

      def536c0a9750b6e1debc5b3d823a660bb2495a6

      SHA256

      29e65a220b41469c57b1a891135aaceab73c0ff185e83642bedfd851641ea160

      SHA512

      0f1d34994740f6a7e8ccbf2596bbc13e0e74e4e370925a5c4bd83be9b58ddc7778b14832550fdc0c95400d00cf9167136ae7417093a5dd912eed2b252e568fa8

      Download Submit

    • C:\Program Files\7-Zip\7zG.exe
      Filesize

      1.1MB

      MD5

      2b148841f5c66a0dcd101a7ee69a75a2

      SHA1

      54f230ae0df12aa732728e28fe9b97b3a8625e3f

      SHA256

      bc4a5f07e0b00b3ab44ba5c86b23dd9668603eaa3819ce7420518215706e4329

      SHA512

      5b507a0bd1862c115a9038a3c60b15c92966071848f30f13b129f297d607c9b3e500f730e44e5f719f5926bab450f6f2914138f479320f82cdef298d698cba3b

      Download Submit

    • C:\Program Files\7-Zip\Uninstall.exe
      Filesize

      410KB

      MD5

      dc5e3428452ec0b473a175facdc0437e

      SHA1

      711eb31654ead54384e428c2efa11c8fa2fcc359

      SHA256

      50cd2b38a6306c561d9da5b86f85d6b7c4611a784ecd2f9daef1b0518e045e2f

      SHA512

      f6eee2a89836b56321903a94d79355a878dbf9ba5b3668d5a8f66491c8333ba0875d333520672ac6b809cfe0595322541b6ad7115221105fa2993448344517e2

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
      Filesize

      672KB

      MD5

      fdaf0d5600e3eb2c58a2228f18a6f5a4

      SHA1

      00ad7684a10786dddf2b69dcc83a68912da14974

      SHA256

      f0171b533f463f636e09f991d9f35228ec485fbff308e66f67e26b616c9b6b7b

      SHA512

      3beaba556836b748368befc744db6d2ddbba6fc94baf9f1f46063ba609b7179be96c9ee03f17d8fe8713902730fb142432b657b9624aaf0def97e72f7551f019

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
      Filesize

      4.5MB

      MD5

      9c7f0a2376509309aac0d28350a9750a

      SHA1

      8ef95933719d0d7ad5eccef844bd35c47544081e

      SHA256

      60f77c2d0836e08cc0e8de1ad842f6817ce4fc8fdba8915a6e2c3b5183d2189f

      SHA512

      c08ab5d006756f93edb3fae38810e17fdaf0aa4738acae00efe6941315b1c506db26b948118f1ad60949614058cf5ed905fb36634f4ac351e04912270cab8b2b

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
      Filesize

      738KB

      MD5

      dac0d3b674d362e18c4a208ec605ab00

      SHA1

      b825aa7a2e5bf486455b572124896e90328786b9

      SHA256

      a7ceed649634ab4f0d1a5a0ce62b12c52cbbed2dd3b6101b0b9557caeb7e69d6

      SHA512

      52681a1f1ca8b32a5204918755090f806c41776e9e9b72557eb53c985d70c5277f2a99ecc887a17bd63486196e4f331916a9e96b0564c923156f265dc5a150d0

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
      Filesize

      23.8MB

      MD5

      8d80f8f0b4a350f72dbdadd3999c3d45

      SHA1

      18c2acac26913d92943cbb6ae7e60931d4a594c5

      SHA256

      de85322971d8197d942f2c706b3ea1e4a5875079358472a78b4efbb6e4c0e9e4

      SHA512

      f32f23c67468bcb8cb5d9700f37462c508a399d8377274257ee6452e56d36174ffecab4423f265e8f51b28323fa4628293a30ea9378483e1892b704e337579db

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
      Filesize

      2.5MB

      MD5

      b9b801a0e754ebc4f0f64a46e9eefe4f

      SHA1

      d316ef7adaeb079238a5a59211fe979534131f72

      SHA256

      0a8acbd3e2f0e5b742a363d9742c43bc2c23e2a5c04e8f1094d888b1319efbda

      SHA512

      c26a9c31e0228c02cdb8a93285731d6a9949521f9c074cba9f86c0fb3c84248333092c4a91d389b873314abf8c1351ccf861b645bf16fd3866a7365435ec6925

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\Source Engine\jdadcieg.tmp
      Filesize

      637KB

      MD5

      83ce2c612a82865a6f1b89a3d5eae2c6

      SHA1

      fbe9c9c7ba16605cd77ca8b69ead5ecf5bcc31f1

      SHA256

      4dfff88468bbb1b40700fe6592020fb6b55317d61404d85803b1bf06d439d3d1

      SHA512

      df5c8cd7bc07a692064f4d6b34e39d09b8d87f2ef5b7605d5598399acc4d91c5fb73feb1e807a324810d2df5ea09ee58634cbe3c271cedc9c0c2a66fae05c3af

      Download Submit

    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
      Filesize

      2.0MB

      MD5

      5bd09320347aeee474554ce0903d7d53

      SHA1

      85023655c30c47afb928881dcde21c90a1700d91

      SHA256

      0b88791e456cde8347e42ed4560f90e2cfaa9822298880c197308a9dd9635f45

      SHA512

      e3569a428d1e4c4979967cf2a2f372a705ebb5a569e3429f50989bb3a0a1ebc389810d22507d3498a081329b471facf867547d5d9553d7d03a79983134134961

      Download Submit

    • C:\Users\Admin\AppData\Local\oroipbbk\bnbhdjad.tmp
      Filesize

      678KB

      MD5

      7a7385b48b9e654fcb0bb1b62edda9c7

      SHA1

      490898dcfc218656770de736182d2b451aa49805

      SHA256

      d884c61cb716740b6cc341410accc6f642847cf9e0e0ee3231efc4c09105d141

      SHA512

      4ce337b383c83a9099627b640bd915e8c0e0a5a826f56a6d7701a8d963815cbaa82ce0d22c901c43cfb43f2ff943ac3169530d8e32cb5680eb70c91d38b3dbf2

      Download Submit

    • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
      Filesize

      487KB

      MD5

      5a5fa86b11a3381004ab53bdcc00fdb6

      SHA1

      f42127202a87e258ee4b116b8dfcf9315cd6f8e9

      SHA256

      b498131cfd128ac012aa5a1f26bfd9e1ec8002a28e88d06cae9db79d02c5b1e7

      SHA512

      7c8ec62e1816cf5bc93c187876708710ecb40ccbd6545ec3aafe23e60b624524f3b49699aacd55e084c2af5d3ddfc63bb7572f10dce09633edea72ffb2402308

      Download Submit

    • C:\Windows\System32\FXSSVC.exe
      Filesize

      1.0MB

      MD5

      52f903572adbd9fd5d00d1cd00f89333

      SHA1

      6189395d00c9a69e636b03e7e5055e6b69b443fe

      SHA256

      b4a124918a857119b555f2c06f670c3a9dd9be51f49c539c358afda3c7ff50f5

      SHA512

      c16de2ffc9cb3b3aed2eff93083cf4ec1010fbd5ce6eef6c51293dc2bbbdf5e92f4c0e24d6cbe8af4a416ac4e7b233dc65b28d9e3eeb48646709985fe0287fb0

      Download Submit

    • C:\Windows\System32\alg.exe
      Filesize

      489KB

      MD5

      c5500070d784662f98b6f8666e93af40

      SHA1

      f50a22eb0488ff817f55888f6d52f57de1f659bc

      SHA256

      78d5d8275255c5ed5e5b8b15e226e815bb63925e53185e4392c60eb8d6546bfc

      SHA512

      6d3643337b35a85ba882996c04b872ea2dc4901eedb3898565c3d4ddbe7e7535cd4090dbb70dff9c0f0340f1586b14ac3675dad0a183155ff08210769ea66fff

      Download Submit

    • C:\Windows\System32\msdtc.exe
      Filesize

      540KB

      MD5

      f1bc886e9d53931a3aa09ac4a2f9affd

      SHA1

      089447e633cd6afb44819e642248d48456ddef99

      SHA256

      3a3c971749969a6cef67720fc409400c576df196c7dab5855eaadfdadb84b33d

      SHA512

      babcb3f3adcf6b7a33363407cce72186d5306748f3256e83e9cceb7ad865a3e2d58c969d1e3416872d540d67d40e3521c820ec8a6f9d135d8054549694accd6d

      Download Submit

    • C:\Windows\system32\msiexec.exe
      Filesize

      463KB

      MD5

      1f0b44a90373e850800aebe3e0bc25d3

      SHA1

      025789b934a0fc8a2092851ad851723112d05025

      SHA256

      8c258b03ace43d5bde38738e606c1b5fb9223e43b1c71203954f944695175060

      SHA512

      b0c6098ecd86adce1417fc4a76ad85a0cadd9f6ff3ca53e46798aa67fcb5b582a645b47b7b222def4d30769731998aad14cc783ff0e864bddf09f2be6221d979

      Download Submit

    • \??\c:\windows\system32\Appvclient.exe
      Filesize

      1.1MB

      MD5

      f1279af137d29b85058aaf6aa4600195

      SHA1

      1a574fd4fb86fa96bcdfa51c06b849580db4adfa

      SHA256

      9ff5e1ae6cf2543669466b07176a7d797ae705b120359bf5bd532f3b0f01f163

      SHA512

      b5fb98e64bec8e349afbe309fb2215f7383e7fec30c98a343f9edd803a500b6fb0fc4ad2ecd4144dc428f1608a241e513f24c9f0befa4d277c2951fc6852d758

      Download Submit

    • memory/1972-69-0x0000000140000000-0x0000000140135000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1972-29-0x0000000140000000-0x0000000140135000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/4224-17-0x000000014000D000-0x000000014001C000-memory.dmp

      Filesize

      60KB

      Download

    • memory/4224-58-0x000000014000D000-0x000000014001C000-memory.dmp

      Filesize

      60KB

      Download

    • memory/4224-50-0x0000000140000000-0x0000000140136000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/4284-2-0x00007FF7DCAC0000-0x00007FF7DCC24000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/4284-0-0x00007FF7DCAC9000-0x00007FF7DCAD8000-memory.dmp

      Filesize

      60KB

      Download

    • memory/4776-42-0x0000000140000000-0x00000001401C2000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/4776-36-0x0000000140000000-0x00000001401C2000-memory.dmp

      Filesize

      1.8MB

      Download