Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 10-07-2024 21:10

Behavioral task: behavioral1
- Sample: 366538a418a4c36e9f6a4d2193fa4bc7_JaffaCakes118.exe
- Resource: win7-20240708-en (windows7-x64)
- 6 signatures
- 150 seconds
General
- Target: 366538a418a4c36e9f6a4d2193fa4bc7_JaffaCakes118.exe
- Size: 145KB
- MD5: 366538a418a4c36e9f6a4d2193fa4bc7
- SHA1: 87a4ab452f3fe3b1815bbaaa44538cc375b32a31
- SHA256: 9fcc3df66029190af08c07d9f6ee6a3707bb84c8d727579f402b9fdce791e808
- SHA512: 5848ceb8240ae3ad34c797fa0f6f591104c0a043393e8287a2c184b2695acbb863d8ba4c1306878f652571f6378514e4d305bfc11b2c3b78901991a90fdfcbce
- SSDEEP: 3072:UOxtKfasWVDVrlGlEkfjLk1SebGQQeKNYydadMMDd/HbqoutHB77777J77c77c7s:UOzKLMVr8LfjWbG+ZMgdeoSHB77777Jw
Malware Config
Signatures
- Processes: 366538a418a4c36e9f6a4d2193fa4bc7_JaffaCakes118.exe
  - Set value (int): \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" (process: 366538a418a4c36e9f6a4d2193fa4bc7_JaffaCakes118.exe)
- Processes: 366538a418a4c36e9f6a4d2193fa4bc7_JaffaCakes118.exe
  - Set value (int): \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1" (process: 366538a418a4c36e9f6a4d2193fa4bc7_JaffaCakes118.exe)
- Processes (resource / yara_rule):
  - behavioral1/memory/2384-0-0x0000000000400000-0x0000000000469000-memory.dmp: upx
  - behavioral1/memory/2384-2-0x0000000000400000-0x0000000000469000-memory.dmp: upx
- Processes: 366538a418a4c36e9f6a4d2193fa4bc7_JaffaCakes118.exe
  - Set value (int): \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1" (process: 366538a418a4c36e9f6a4d2193fa4bc7_JaffaCakes118.exe)
- Processes: 366538a418a4c36e9f6a4d2193fa4bc7_JaffaCakes118.exe
  - Set value (int): \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" (process: 366538a418a4c36e9f6a4d2193fa4bc7_JaffaCakes118.exe)
- System policy modification (1 TTPs, 2 IoCs)
  Processes: 366538a418a4c36e9f6a4d2193fa4bc7_JaffaCakes118.exe
  - Key created: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System (process: 366538a418a4c36e9f6a4d2193fa4bc7_JaffaCakes118.exe)
  - Set value (int): \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" (process: 366538a418a4c36e9f6a4d2193fa4bc7_JaffaCakes118.exe)
Processes
- C:\Users\Admin\AppData\Local\Temp\366538a418a4c36e9f6a4d2193fa4bc7_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\366538a418a4c36e9f6a4d2193fa4bc7_JaffaCakes118.exe"
  PID: 2384
  Signatures:
  - UAC bypass
  - Windows security bypass
  - Windows security modification
  - Checks whether UAC is enabled
  - System policy modification