Analysis
- max time kernel: 148s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05-05-2024 06:09
Behavioral task
- behavioral1
- Sample: 1652d682b9e12bf4a4e6b0e09c748abc_JaffaCakes118.exe
- Resource: win7-20240221-en
- 5 signatures
- 150 seconds
General
- Target: 1652d682b9e12bf4a4e6b0e09c748abc_JaffaCakes118.exe
- Size: 202KB
- MD5: 1652d682b9e12bf4a4e6b0e09c748abc
- SHA1: 594a6c45e1ba7894dcb890967dae74482a8fe90e
- SHA256: 051015f961c60fd8b5a6f6f9db935e73b25303c4bfcfaa24cd09a6ecae8fc016
- SHA512: 32e7ef44e3569971865c74b7678445ebe538d37bca505bda5bd97c3fda70b7819da1c521141c7a1b7869f5c685f6923d339e74487ab8ace1a303e4fbd2d97c0c
- SSDEEP: 6144:QLV6Bta6dtJmakIM5Tr8cCqESuheKLJcyfFo3nq:QLV6Btpmkpcbgvfyq
Malware Config
Signatures
- Checks whether UAC is enabled
  Processes:
  - description: Key value queried
    ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    process: 1652d682b9e12bf4a4e6b0e09c748abc_JaffaCakes118.exe
- Suspicious behavior: EnumeratesProcesses (3 IoCs)
  Processes:
  - pid: 3560, process: 1652d682b9e12bf4a4e6b0e09c748abc_JaffaCakes118.exe
  - pid: 3560, process: 1652d682b9e12bf4a4e6b0e09c748abc_JaffaCakes118.exe
  - pid: 3560, process: 1652d682b9e12bf4a4e6b0e09c748abc_JaffaCakes118.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  Processes:
  - pid: 3560, process: 1652d682b9e12bf4a4e6b0e09c748abc_JaffaCakes118.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
  - description: Token: SeDebugPrivilege
    pid: 3560
    process: 1652d682b9e12bf4a4e6b0e09c748abc_JaffaCakes118.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\1652d682b9e12bf4a4e6b0e09c748abc_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\1652d682b9e12bf4a4e6b0e09c748abc_JaffaCakes118.exe"
  - Checks whether UAC is enabled
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID: 3560