Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
09/07/2024, 07:00
General
-
Target
2f646ca3db5e7c221261bc0210e27954_JaffaCakes118.exe
-
Size
44KB
-
MD5
2f646ca3db5e7c221261bc0210e27954
-
SHA1
aad085cce9c06aae43220ba37af39453d45b23fa
-
SHA256
eabd8180037d88786f394268dc56e14d145f1897dbf79a0f9eda8425280e2d58
-
SHA512
a61bda5b8c265f728ce595513d37c9446e68c26318feb4610a88b4c8c3fd518f62ba7a40015f9ff6b0486941c3498747051cf76c7795b55ab2ece8ca707f4243
-
SSDEEP
768:InAAwf7o4PoycIXkGAMcisybmpM3n/C3w1NBNIhJiuQnBUuao:InA17oKdcUcizCpGuFc
Score
10/10
Malware Config
Signatures
-
UAC bypass 3 TTPs 1 IoCs
-
Windows security bypass 2 TTPs 1 IoCs
-
Drops file in Drivers directory 1 IoCs
-
Windows security modification 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 22 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
System policy modification 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2f646ca3db5e7c221261bc0210e27954_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\2f646ca3db5e7c221261bc0210e27954_JaffaCakes118.exe"1⤵
- UAC bypass
- Windows security bypass
- Drops file in Drivers directory
- Windows security modification
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- System policy modification
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
4