Analysis
-
max time kernel
93s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
01-06-2024 03:34
Static task
static1
Behavioral task
behavioral1
Sample
89401bbd6861779597b9a4d70146cb17_JaffaCakes118.exe
Resource
win7-20240221-en
General
-
Target
89401bbd6861779597b9a4d70146cb17_JaffaCakes118.exe
-
Size
1.3MB
-
MD5
89401bbd6861779597b9a4d70146cb17
-
SHA1
f97a6479fcf485af51ee25f8534b873b8b568aec
-
SHA256
88b67f7a181723a120bf4c3afba3b63d5b66c7bcf2d27e3bc42708cc61948c51
-
SHA512
9cef08dd8e0eac8137621815a7772eba0fad829024523faed5dee91bde57f914bf53d7cf906c1fc666fe260ce041da82498bc93dc3fa114b6a1fe57729eb71ac
-
SSDEEP
12288:Ch/pCHxW4pbAOeeeZeeeeEhMEr6CX4zist3:U/eDNAuaE6tiE
Malware Config
Signatures
-
description
Key value queried
ioc
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
Process
89401bbd6861779597b9a4d70146cb17_JaffaCakes118.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process
5044 89401bbd6861779597b9a4d70146cb17_JaffaCakes118.exe
5044 89401bbd6861779597b9a4d70146cb17_JaffaCakes118.exe
5044 89401bbd6861779597b9a4d70146cb17_JaffaCakes118.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
192B
-
MD5
b32e479bd009ed83990c9673269a8679
-
SHA1
c90602796792d73b8e14df593d28c88639957537
-
SHA256
4da0710275fe2edc624ceae921dfed794450221c88daaac73467fc885cff1a3b
-
SHA512
d29415020d7ddc493ac36ad2351414523f9804f3031a50c6bfded58d8b9a83f13877ae73571e9dcc50eedd7014230196313dfab8618e587e118ae6ba4d94db12