Analysis

  • max time kernel
    13s
  • max time network
    20s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/04/2024, 06:44

Errors

Reason
Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-20T06:44:29Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win10v2004-20240412-en/instance_10-dirty.qcow2\"}"

General

  • Target

    fc29acc7941f4eeb0be0baf2c38df787_JaffaCakes118.exe

  • Size

    7KB

  • MD5

    fc29acc7941f4eeb0be0baf2c38df787

  • SHA1

    64d19b4fecb4a368440308932f0c087994f5c61f

  • SHA256

    ee91905fb5151d7b00736570f633301cc27c34055c7620c5a1970481a2c5d6ff

  • SHA512

    26ac88db304d0f7ca27a6c92225dd2e8deeb3a60a4b7e88b2dee257aeeadc13628e7b1f420a5d1bfa5b657df8c88b3b66c2620e4c415d89e0102d7ea11f7ee85

  • SSDEEP

    96:rW0ibfoX1MUEyWw4sopxq1X4qijP0LKQyfhJlLISlg0UMDTKZxh3z3o5:d6POWwbopxiXzijPAAJ6+UMXKN4

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fc29acc7941f4eeb0be0baf2c38df787_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fc29acc7941f4eeb0be0baf2c38df787_JaffaCakes118.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:712
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa39ad055 /state1:0x41c64e6d
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:2704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/712-0-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

  • memory/712-1-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB