06c28573591da9c5b4c540e09091d50d9d2a9fd643c504b57ae0cb5993d9cd68

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 05:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

276917ff69c501e096725561c1d96401_JaffaCakes118.exe
Size

60KB
MD5

276917ff69c501e096725561c1d96401
SHA1

60e500883b8e4a9e550864ca305fbc8cd4d23fd7
SHA256

06c28573591da9c5b4c540e09091d50d9d2a9fd643c504b57ae0cb5993d9cd68
SHA512

8d3ba0d43a4905ad69fed8d0e0e87678df08fcc8f4ba4fd5af24fc088217d0b3c5b11276118ccabd8b5a558e88178b335a50e7e73dbf17ae21c3ffc7b5d5d211
SSDEEP

768:iHZXRDNn/dcmoYb59QoYSMJgeCegRt6c/Lzpfeunjc94DlhIWl5dMBwZa0XIVEW:QRdFL+geCegLDzpfI+dM2Za0XIV

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	276917ff69c501e096725561c1d96401_JaffaCakes118.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\BIHZ6ZK13.exe	276917ff69c501e096725561c1d96401_JaffaCakes118.exe
File opened for modification	C:\Windows\BIHZ6ZK13.exe	276917ff69c501e096725561c1d96401_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1232	276917ff69c501e096725561c1d96401_JaffaCakes118.exe
1232	276917ff69c501e096725561c1d96401_JaffaCakes118.exe
1232	276917ff69c501e096725561c1d96401_JaffaCakes118.exe
1232	276917ff69c501e096725561c1d96401_JaffaCakes118.exe
1232	276917ff69c501e096725561c1d96401_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\276917ff69c501e096725561c1d96401_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\276917ff69c501e096725561c1d96401_JaffaCakes118.exe"
1⤵
- Checks whether UAC is enabled
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:1232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads