ce64b32001618198fea13648a22f06dccde8b16411da5cec588e8c36d43bd82c

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10-07-2024 21:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe
Size

730KB
MD5

366567509f20ce51e6f8395bd9e5675c
SHA1

8033f80cc7bce8c04918ece31d057c01604d7253
SHA256

ce64b32001618198fea13648a22f06dccde8b16411da5cec588e8c36d43bd82c
SHA512

9283febfb28b2f2e290658a1b132bc0154a8b20c41f9b70dadabea4ca9ec26b57bab7bf79d781b4a4c6e2f9d18268b3df994169fb8d2179545ba9b0e252235da
SSDEEP

12288:P7vBnDUkDk/7BnUWoXxuTW7c894DRgUBjQ8+obGsrHtK3ldz0qdUfIXTN6wjSm:PJDU8k/7VUWoXxwz894DRxjQ8+BAHKRj

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe

description pid process

Token: SeIncBasePriorityPrivilege 1968 366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe

pid process

1968 366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe

description	pid	process
Token: SeIncBasePriorityPrivilege	1968	366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe

pid	process
1968	366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe"
1⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\server.lnk

Filesize
275B

MD5
8782a2c93c05c205c9e5c52fdfe9e80e

SHA1
752e340b14e64308e91ad481e0a6ba7101104ba3

SHA256
ae833d00fb1737e6e37d76e9cc68d1f4b98ad55c3a9c60b14d3ddf538236b1b3

SHA512
e7df9dc5c0978e9b5220d7b4f6e306492b7598ed17a169bb1d385bb8f2ad16cb9c43bc883efb2655ef81b9f31195bac0ec4dc52e23cc265e86e56f8eab7c378d

Download Submit
memory/1968-0-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1968-1-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1968-12-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1968-14-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download