Analysis
-
max time kernel
149s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
14-06-2024 15:42
Static task
static1
Behavioral task
behavioral1
Sample
aa7d4cc97055c4744a45962b133703c1_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
aa7d4cc97055c4744a45962b133703c1_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
-
Target
aa7d4cc97055c4744a45962b133703c1_JaffaCakes118.exe
-
Size
321KB
-
MD5
aa7d4cc97055c4744a45962b133703c1
-
SHA1
db48809294f69d0dbcfc085cdee51274a143110c
-
SHA256
b8a47f274b14a345878f2df9256d933d2b927d6ad0d72a25217b5965a9df06e2
-
SHA512
e15d73dfadc984e5463b235835d2718694fa9c1b6f040514abb4566fbe74de1101a81972805b554f87927e2ce48dbde9a41484b5b4adb9af87a71cdced2b6e04
-
SSDEEP
6144:uBq0q96QND07RNtdvqgvk5W1QYzpzTGXnP0s5+YRUnWFgvErVodwsmD:uB46QNKNt3vk5jXPZ5bqdErVR7
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Users\\Admin\\AppData\\Roaming\\Windows\\Windows.exe" aa7d4cc97055c4744a45962b133703c1_JaffaCakes118.exe Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows = "\\Windows\\Windows.exe" aa7d4cc97055c4744a45962b133703c1_JaffaCakes118.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File created C:\Windows\Windows.exe aa7d4cc97055c4744a45962b133703c1_JaffaCakes118.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2752 aa7d4cc97055c4744a45962b133703c1_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
description pid Process Token: SeDebugPrivilege 2752 aa7d4cc97055c4744a45962b133703c1_JaffaCakes118.exe Token: 33 2752 aa7d4cc97055c4744a45962b133703c1_JaffaCakes118.exe Token: SeIncBasePriorityPrivilege 2752 aa7d4cc97055c4744a45962b133703c1_JaffaCakes118.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2752 aa7d4cc97055c4744a45962b133703c1_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\aa7d4cc97055c4744a45962b133703c1_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\aa7d4cc97055c4744a45962b133703c1_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2752
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵PID:2492
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
50B
MD53573578f61fab975f20f6e535fa7ce88
SHA171b3b946fba1ec98aa24455eb5a1fc4173ba69aa
SHA25645ca88ac47a3c35792e76dff2eb045d43bfe5a4149d48108fc165759edabde08
SHA51277638dc39ff35e9b767f7c6118ed6aa94106f609ff5b8c8ce41e9cc8983c9464586b0722e06d1afafc56aed18ca8164a6bc9742e2471d07043e9d2640bd297d7