Analysis
-
max time kernel
117s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
03-07-2024 19:54
General
-
Target
238faf0b598e66dc9404cbe78b481d3d_JaffaCakes118.exe
-
Size
98KB
-
MD5
238faf0b598e66dc9404cbe78b481d3d
-
SHA1
b97730563a9be6c40b1b7901928e679c17e2793b
-
SHA256
237e3316006e3022fc11b1db8943af0c9734d06aedd4937e2978c89ecc6a0210
-
SHA512
6a43902410aa60b2d9f21f18c1076446c56bb42c999b89186a6cc1721f9298963644accfe7fff1a705f11cf09153b84a5f713874f205d82ae408421226273907
-
SSDEEP
3072:NeUC2iXSDRGS9UL2F2Hr2HjFt6HAi7lSw2H8I:NecYIbfvS4
Score
10/10
Malware Config
Signatures
-
UAC bypass 3 TTPs 1 IoCs
-
Adds Run key to start application 2 TTPs 6 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
-
System policy modification 1 TTPs 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\238faf0b598e66dc9404cbe78b481d3d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\238faf0b598e66dc9404cbe78b481d3d_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\238faf0b598e66dc9404cbe78b481d3d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\238faf0b598e66dc9404cbe78b481d3d_JaffaCakes118.exe" Administrator2⤵
- UAC bypass
- Adds Run key to start application
- Checks whether UAC is enabled
- System policy modification
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
120KB