Analysis
-
max time kernel
92s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
01-07-2024 10:15
General
-
Target
1ae7e832043c3b019e0a352a251a67e8_JaffaCakes118.exe
-
Size
68KB
-
MD5
1ae7e832043c3b019e0a352a251a67e8
-
SHA1
0952e14a154bd096a3db5dc79f8149ca6701ea78
-
SHA256
609205762b968c2674355dee4d0c2af4031bd40e020578554989aa1f4ac15a7b
-
SHA512
594220c046ed0ed570a7e0dddd5e44da4dbe8ebee7b582508ee5fe70df16889e0febb4ec0761ce4a5cb0f6b821910a29fb9aac72dcdd3a0381d20104c6e5f343
-
SSDEEP
768:p5hsGkirNo8m4U1VIw98f1+LjohCYKqv+LnLB03AWW26W7PHDfURD:fki28xsV90j2qv+LnLBKLW26+AN
Score
10/10
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Modifies firewall policy service 3 TTPs 4 IoCs
-
Drops file in System32 directory 1 IoCs
-
Drops file in Windows directory 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1ae7e832043c3b019e0a352a251a67e8_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\1ae7e832043c3b019e0a352a251a67e8_JaffaCakes118.exe"1⤵
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Winlogon Helper DLL
1Create or Modify System Process
1Windows Service
1