b7ad4f656fb40f6d27064ee25978b50059cf908fd0a71b6188729dc39e6e756f

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 18:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2d55d64178dbe209971d6a1fb5cfb595_JaffaCakes118.exe
Size

60KB
MD5

2d55d64178dbe209971d6a1fb5cfb595
SHA1

b8f9a96eea0a20bbc64a64b733dce6b863c4c398
SHA256

b7ad4f656fb40f6d27064ee25978b50059cf908fd0a71b6188729dc39e6e756f
SHA512

39f7d7e6136c992783a9d22aecaa82f1c5b970ee04147d47d81d8d6eabcc50d50f5805f9f0dfb0973c1744303dd59e2a31c2aa92a5c49df136eff5a25f7c92f9
SSDEEP

768:6Z94OONnKBETEVXw7JmPBoUSMtZeuegRt6c/L6pPeunjc94DlhIWl5dMBwZa0XIv:6OoJWf6ZeuegLD6pvI+dM2Za0XIU

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	2d55d64178dbe209971d6a1fb5cfb595_JaffaCakes118.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\0IUAMLR.exe	2d55d64178dbe209971d6a1fb5cfb595_JaffaCakes118.exe
File opened for modification	C:\Windows\0IUAMLR.exe	2d55d64178dbe209971d6a1fb5cfb595_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1332	2d55d64178dbe209971d6a1fb5cfb595_JaffaCakes118.exe
1332	2d55d64178dbe209971d6a1fb5cfb595_JaffaCakes118.exe
1332	2d55d64178dbe209971d6a1fb5cfb595_JaffaCakes118.exe
1332	2d55d64178dbe209971d6a1fb5cfb595_JaffaCakes118.exe
1332	2d55d64178dbe209971d6a1fb5cfb595_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2d55d64178dbe209971d6a1fb5cfb595_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2d55d64178dbe209971d6a1fb5cfb595_JaffaCakes118.exe"
1⤵
- Checks whether UAC is enabled
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:1332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads