Analysis
-
max time kernel
6s -
max time network
7s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
12-07-2024 01:37
Static task
static1
Behavioral task
behavioral1
Sample
3b865e66d56730f9ec6eb184fb86e26a_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3b865e66d56730f9ec6eb184fb86e26a_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Errors
General
-
Target
3b865e66d56730f9ec6eb184fb86e26a_JaffaCakes118.exe
-
Size
100KB
-
MD5
3b865e66d56730f9ec6eb184fb86e26a
-
SHA1
feb28454c37367742594aa4c620f79678fe20b58
-
SHA256
dba6c32a8b8c7cf5e1e3a3261e4dae5c89fa37ecd3f5932da958693ee8fae7b9
-
SHA512
7c75316a0c9dd00e4d66fd2e97d288382ccd158fdc5a30235651ea0c3b4f7250128993084806f63261967d1f719b8cc6e5d6afcd794c53f0df2b47893e8024b3
-
SSDEEP
1536:9McDXGJC8WNy0Od69iOGRMaiNfPRSFUuTHM0mno+cJlId:+cT8B0LitziNfTuTSnohJlId
Malware Config
Signatures
-
Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Drops file in System32 directory 1 IoCs
description ioc Process File created C:\Windows\SysWOW64\mflrypj.dll 3b865e66d56730f9ec6eb184fb86e26a_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeShutdownPrivilege 2700 3b865e66d56730f9ec6eb184fb86e26a_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\3b865e66d56730f9ec6eb184fb86e26a_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3b865e66d56730f9ec6eb184fb86e26a_JaffaCakes118.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:2700
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x01⤵PID:1888
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x11⤵PID:2824