Analysis
max time kernel: 147s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08-04-2024 01:55
Behavioral task: behavioral1
Sample: e65ce22f7f71995d14d99ee0ee6e7cd2_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: e65ce22f7f71995d14d99ee0ee6e7cd2_JaffaCakes118.exe
Resource: win10v2004-20240226-en
General
Target: e65ce22f7f71995d14d99ee0ee6e7cd2_JaffaCakes118.exe
Size: 1.3MB
MD5: e65ce22f7f71995d14d99ee0ee6e7cd2
SHA1: 958b8c6302dfafe3c7945d33c345b6e6faf7444e
SHA256: 61d83fa892b524f95cb41aae3dc8eaaa79f4812c8db494caecd9bf08ca7922f5
SHA512: 0477c6878f9003eec9fecfa586be49961ffed57b5906e231c1485d021ca2e0bec5c54711fc45008829d29cdd4bb47dd1aa8ef5e031baf58ad8511c3f6a596584
SSDEEP: 24576:ptVtyOGNXYgCR8JL0Y7WTB8/KyinGSp2g0nPg0nPF/sULKg0n+:ptVonYgZ0qSsg0nPg0nt/sjg0n
Malware Config
Signatures
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource: behavioral2/memory/880-0-0x00000227F8880000-0x00000227F8BE4000-memory.dmp
yara_rule: agile_net
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
e65ce22f7f71995d14d99ee0ee6e7cd2_JaffaCakes118.exe
description: Token: SeDebugPrivilege
pid: 880
process: e65ce22f7f71995d14d99ee0ee6e7cd2_JaffaCakes118.exe