Analysis
-
max time kernel
13s -
max time network
20s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
20/04/2024, 06:44
Errors
Reason
Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-20T06:44:29Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win10v2004-20240412-en/instance_10-dirty.qcow2\"}"
General
-
Target
fc29acc7941f4eeb0be0baf2c38df787_JaffaCakes118.exe
-
Size
7KB
-
MD5
fc29acc7941f4eeb0be0baf2c38df787
-
SHA1
64d19b4fecb4a368440308932f0c087994f5c61f
-
SHA256
ee91905fb5151d7b00736570f633301cc27c34055c7620c5a1970481a2c5d6ff
-
SHA512
26ac88db304d0f7ca27a6c92225dd2e8deeb3a60a4b7e88b2dee257aeeadc13628e7b1f420a5d1bfa5b657df8c88b3b66c2620e4c415d89e0102d7ea11f7ee85
-
SSDEEP
96:rW0ibfoX1MUEyWw4sopxq1X4qijP0LKQyfhJlLISlg0UMDTKZxh3z3o5:d6POWwbopxiXzijPAAJ6+UMXKN4
Score
7/10
Malware Config
Signatures
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Modifies data under HKEY_USERS 15 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fc29acc7941f4eeb0be0baf2c38df787_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\fc29acc7941f4eeb0be0baf2c38df787_JaffaCakes118.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa39ad055 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
36KB
-
Filesize
36KB