Analysis
- max time kernel: 140s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 10-07-2024 21:10
Behavioral task: behavioral1
- Sample: 366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
General
- Target: 366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe
- Size: 730KB
- MD5: 366567509f20ce51e6f8395bd9e5675c
- SHA1: 8033f80cc7bce8c04918ece31d057c01604d7253
- SHA256: ce64b32001618198fea13648a22f06dccde8b16411da5cec588e8c36d43bd82c
- SHA512: 9283febfb28b2f2e290658a1b132bc0154a8b20c41f9b70dadabea4ca9ec26b57bab7bf79d781b4a4c6e2f9d18268b3df994169fb8d2179545ba9b0e252235da
- SSDEEP: 12288:P7vBnDUkDk/7BnUWoXxuTW7c894DRgUBjQ8+obGsrHtK3ldz0qdUfIXTN6wjSm:PJDU8k/7VUWoXxwz894DRxjQ8+BAHKRj
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: 366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | 366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | 366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: 366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe
  description | pid | process
  Token: SeIncBasePriorityPrivilege | 1968 | 366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes: 366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe
  pid | process
  1968 | 366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\366567509f20ce51e6f8395bd9e5675c_JaffaCakes118.exe"
  PID: 1968
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 275B
  MD5: 8782a2c93c05c205c9e5c52fdfe9e80e
  SHA1: 752e340b14e64308e91ad481e0a6ba7101104ba3
  SHA256: ae833d00fb1737e6e37d76e9cc68d1f4b98ad55c3a9c60b14d3ddf538236b1b3
  SHA512: e7df9dc5c0978e9b5220d7b4f6e306492b7598ed17a169bb1d385bb8f2ad16cb9c43bc883efb2655ef81b9f31195bac0ec4dc52e23cc265e86e56f8eab7c378d