Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
16/05/2024, 22:10
General
-
Target
4d419a8343f7880d9632ec33de02c0f6_JaffaCakes118.exe
-
Size
1.9MB
-
MD5
4d419a8343f7880d9632ec33de02c0f6
-
SHA1
072b8db9b82d8d0069ccf4002944fcb6acda8a15
-
SHA256
3127b1daea49474709fba860e48d46592a83c6ff5a984a237c898fbb4e6e09cd
-
SHA512
35373adb3c1216a4b81960423d5a9f50ee4b66cf7244d6604d9ea99ffc2aa1acc425c5bb71f031b578fa2fe6e4b75d2e3cdc59b0e16af4f4a0a75228bbbe842a
-
SSDEEP
49152:XKBGilF2eA7Ky7VoNU9f2AtaCAi/65DC2qZqNtwCc:XEfA7KsoNU9f2TCP/EDGZq/+
Score
10/10
Malware Config
Signatures
-
UAC bypass 3 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 4 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
System policy modification 1 TTPs 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4d419a8343f7880d9632ec33de02c0f6_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\4d419a8343f7880d9632ec33de02c0f6_JaffaCakes118.exe"1⤵
- UAC bypass
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- System policy modification
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5446a9c6ac54efae966e5843bf2166d2f
SHA163672ac9ab9a93ba6e148e9c8ecbb4ae81ab88bf
SHA2565a28cd46505a36b979c91bdc00ab644f2e60d6e430d24f963ab6277f785937f0
SHA512723aa3a2304b8aaef956de94db730a1cf74a992097219999af48d9c9be6e62d04dfe1f6af9e443a38d03fa2697d563dce29bd7e502c183f6c4c6125893118cfb