Analysis
-
max time kernel
3s -
max time network
7s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
20/07/2024, 07:52
Errors
Reason
Machine shutdown
General
-
Target
5fa3d4b37a24b2942915e5cdf890a738_JaffaCakes118.exe
-
Size
88KB
-
MD5
5fa3d4b37a24b2942915e5cdf890a738
-
SHA1
210e306e0bea6b7a1b38c479949ea2a8caa641e6
-
SHA256
3fe56ddc331987f577b8ca255a4ce1614644a6ed91f2b469ce9f07cf7a187c2c
-
SHA512
578cd90fc7225d93f9a6053078eb8ee7deaff94b60aa7d576e07b4874e2ac15500dd70de7e757e03a7e4f63e843be7e3999ebe17c004dcd56584f2c4d4d2a185
-
SSDEEP
1536:Vnpo+QCJAENdnsSIsfGW9lV258KUwkNdyK6nB1DGlEEEC7xZopSluTHT9KoTJlIU:VnpKrUQsfGWLV+Ub0K6nB1DGlBEC7oEG
Score
8/10
Malware Config
Signatures
-
Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Drops file in System32 directory 1 IoCs
-
Modifies data under HKEY_USERS 15 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5fa3d4b37a24b2942915e5cdf890a738_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\5fa3d4b37a24b2942915e5cdf890a738_JaffaCakes118.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa3999055 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB