Analysis
-
max time kernel
146s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
29-07-2024 13:03
Behavioral task
behavioral1
Sample
48390513a0096f95fe18ba96582305e5_JaffaCakes118.exe
Resource
win7-20240708-en
General
-
Target
48390513a0096f95fe18ba96582305e5_JaffaCakes118.exe
-
Size
28KB
-
MD5
48390513a0096f95fe18ba96582305e5
-
SHA1
48e14eb9b9fb3a8d5ffc3c3d3456562c3ac5fb17
-
SHA256
302dae63587747056fc6438d04aa984fcadea09d2c7ce7bf7ebeb9e3b8798106
-
SHA512
759ddbe09186772a59aff0a97363bac18a04d099b1a185454b70c8e4cfe084999d8884824bd0ebae676a3ccb34373ed7ae7cece660c1feeb98c8e1d93811c295
-
SSDEEP
384:PB+Sbj6NK2fv6ZRAHN8A+qD/hUlA/8vDKNrCeJE3WNgGuGOx64pGVlBcQro3lcYr:pp2H6ZRwNFi6/y45NiBsDVl8Nj
Malware Config
Extracted
limerat
-
aes_key
12345
-
antivm
false
-
c2_url
https://pastebin.com/raw/BXLPUZ5z
-
delay
3
-
download_payload
false
-
install
false
-
install_name
Wservices.exe
-
main_folder
Temp
-
pin_spread
false
-
sub_folder
\
-
usb_spread
false
Extracted
limerat
-
antivm
false
-
c2_url
https://pastebin.com/raw/BXLPUZ5z
-
download_payload
false
-
install
false
-
pin_spread
false
-
usb_spread
false
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 4 pastebin.com 5 pastebin.com -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 48390513a0096f95fe18ba96582305e5_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 2396 48390513a0096f95fe18ba96582305e5_JaffaCakes118.exe Token: SeDebugPrivilege 2396 48390513a0096f95fe18ba96582305e5_JaffaCakes118.exe