Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05-04-2024 17:10
Static task: static1
Behavioral task: behavioral1
Sample: d9c2993126c94ccfd546f3a9f3f84ab5_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: d9c2993126c94ccfd546f3a9f3f84ab5_JaffaCakes118.exe
Resource: win10v2004-20240226-en
General
Target: d9c2993126c94ccfd546f3a9f3f84ab5_JaffaCakes118.exe
Size: 6.8MB
MD5: d9c2993126c94ccfd546f3a9f3f84ab5
SHA1: 9fd3a5ef9d341b95352394d3795cd4efbb23c62f
SHA256: 77ce302fda0f50d3ecbf90a2a66820038e92d191022be38b1ffe3988a8b8d3d2
SHA512: aeac9b7d02563c226d42fb506cbe1b49b4918d75d121022b380880cc0abfcdc2a497eb8dec1b1bb6a42406e592874aedbcb2fd82e575f0e20d92286bbe9f6d16
SSDEEP: 98304:irDWx+sEyGH9uTxld4arwlwZ6szR4QR66CxVCiKjjnteQxNGJO1Ik9tItz2t4e:iWx+sUH9oXdfrwknr+VCvnteQaOIkp
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator (1 IoCs)
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource: behavioral2/memory/1760-5-0x0000000006380000-0x00000000063A8000-memory.dmp
yara_rule: agile_net
Suspicious behavior: EnumeratesProcesses (1 IoCs)
Processes:
d9c2993126c94ccfd546f3a9f3f84ab5_JaffaCakes118.exe
pid: 1760
process: d9c2993126c94ccfd546f3a9f3f84ab5_JaffaCakes118.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
d9c2993126c94ccfd546f3a9f3f84ab5_JaffaCakes118.exe
description: Token: SeDebugPrivilege
pid: 1760
process: d9c2993126c94ccfd546f3a9f3f84ab5_JaffaCakes118.exe