Analysis
max time kernel: 149s
max time network: 150s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 18-06-2024 08:42
Static task
static1
Behavioral task
behavioral1
Sample
bad10e7a73dc3f07ccfc1031b4be97dc_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
bad10e7a73dc3f07ccfc1031b4be97dc_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
Target: bad10e7a73dc3f07ccfc1031b4be97dc_JaffaCakes118.exe
Size: 206KB
MD5: bad10e7a73dc3f07ccfc1031b4be97dc
SHA1: 200edd71a5ab8c08fc0542b61bd18943eefc59bb
SHA256: c809e2e044199a760b4b82f46e0b91eccd1868a8ecdfd4b46d0aab13e97dd5c1
SHA512: ab1a1274b0a98b6029369fcd49ece52d8f5ad049e15e4c06fca6ab91cf8447fd5f692412b71819e29b08494c0236b925e3dfea2de33259a211a70f9ccceecff5
SSDEEP: 3072:imLGeqioyN51MpjgPsoAbh2WtwAeyK4QupNwyb5O0koHy930n1Fb/nbgoA:qeTV4pjgk3F1iAy4fo61q9I/
Malware Config
Signatures
Adds Run key to start application 2 TTPs 1 IoCs
description: Set value (str)
ioc: \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Net Framework = "C:\\Users\\Admin\\AppData\\Local\\Microsoft Updater\\netsvc32.exe"
Process: bad10e7a73dc3f07ccfc1031b4be97dc_JaffaCakes118.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid: 1280
Process: bad10e7a73dc3f07ccfc1031b4be97dc_JaffaCakes118.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs
description: Token: SeDebugPrivilege
pid: 1280
Process: bad10e7a73dc3f07ccfc1031b4be97dc_JaffaCakes118.exe
Suspicious use of SetWindowsHookEx 1 IoCs
pid: 1280
Process: bad10e7a73dc3f07ccfc1031b4be97dc_JaffaCakes118.exe
Processes
C:\Users\Admin\AppData\Local\Temp\bad10e7a73dc3f07ccfc1031b4be97dc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bad10e7a73dc3f07ccfc1031b4be97dc_JaffaCakes118.exe"
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1280
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 59B
MD5: 22f3c2851fecaa44e84ce97535507dbf
SHA1: 766f3c7511d541159fa56b5c63eea98e2bdc52e0
SHA256: bcec886ba638ba8e18660953a497f1c5bcfeaa924cfc2d4a39a4efdcb7297087
SHA512: c54dddc1596195e79b8ef2797b35756282f6e4633a862c14db4a935969a85354274553d2040943d59342a64e327f365ca83d8fc578c33bb55c3e37cd5a5b5a3c