Analysis
max time kernel: 120s
max time network: 124s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 29-07-2024 16:40
Behavioral task: behavioral1
Sample: 531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
Size: 89KB
MD5: 531cf928a1113ef698f18113ea45fef2
SHA1: 9dcddd0372f50e527226dd2e3e3c828cdcb819e6
SHA256: 8d9ef876176aaae0e3d3bb73e83396b6174ae228e7ba4cfd83354da204bb9ec9
SHA512: c49075b8121cf848a7d79e66587f21bd9431045f03d6dad0efe76aa31beb89bc39dde5968abd11b3b8775fdce5bbb5be637e32a6a7053e2c945d7d257c3f106c
SSDEEP: 1536:daFcbxKqTLdgvTFcFfCOUlRgm1F4yosOZGfJKTvLETeP4kzmD:cFyTSQNUlRtOIOETePED
Malware Config
Signatures
Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.
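The Uninstall-key lookup described above is what a software inventory looks like in a registry trace. As an added example (the editor's code, not the sandbox's detection logic), the Python below reads a Process Monitor CSV export, matches the three places installed-software entries live (the native HKLM view, the HKLM WOW6432Node view that 32-bit installers write to, and HKCU for per-user installs), and flags a process only when it walks the key with RegEnumKey or touches more than one product subkey. A single lookup of one product entry is what installers and updaters do to check their own version and is not by itself suspicious. The CSV sample, process names, PIDs, product names and GUIDs are constructed; the column layout is assumed to match Procmon's default export.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample in Process Monitor's CSV export layout (assumption: the
# default columns "Time of Day","Process Name","PID","Operation","Path",
# "Result","Detail"). Process names, PIDs, product names and GUIDs are made up.
PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"4:40:01.0000000 PM","sample.exe","2732","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"4:40:01.0001000 PM","sample.exe","2732","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 0, Name: ExampleApp"
"4:40:01.0002000 PM","sample.exe","2732","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp\DisplayName","SUCCESS","Type: REG_SZ, Length: 22, Data: ExampleApp 1.0"
"4:40:01.0003000 PM","sample.exe","2732","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 1, Name: {00000000-0000-0000-0000-000000000001}"
"4:40:01.0004000 PM","sample.exe","2732","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000001}\DisplayName","SUCCESS","Type: REG_SZ, Length: 20, Data: Example Suite"
"4:40:01.0005000 PM","sample.exe","2732","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"4:40:01.0006000 PM","sample.exe","2732","RegEnumKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 0, Name: ToolB"
"4:40:01.0007000 PM","sample.exe","2732","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"4:40:01.0008000 PM","sample.exe","2732","RegEnumKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall","NO MORE ENTRIES","Index: 0"
"4:40:02.0000000 PM","msiexec.exe","1180","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000002}","SUCCESS","Desired Access: Read"
"4:40:02.0001000 PM","msiexec.exe","1180","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000002}\DisplayVersion","SUCCESS","Type: REG_SZ, Length: 12, Data: 1.2.3"
"4:40:02.0002000 PM","explorer.exe","1404","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
'''

# All three Uninstall roots: HKLM native view, HKLM WOW6432Node view, HKCU.
# The optional trailing group captures the product subkey directly under the root.
UNINSTALL_RE = re.compile(
    r"^(?P<root>(?:HKLM|HKCU)\\Software\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall)"
    r"(?:\\(?P<subkey>[^\\]+))?",
    re.IGNORECASE,
)
# RegEnumKey reports the enumerated child in the Detail column as "Name: <subkey>".
ENUM_NAME_RE = re.compile(r"Name: (.+)$")


def uninstall_key_activity(csv_text):
    """Per (process, pid): Uninstall roots touched, distinct product subkeys seen,
    and whether the process enumerated children with RegEnumKey."""
    stats = defaultdict(lambda: {"roots": set(), "subkeys": set(), "enumerated": False})
    for row in csv.DictReader(io.StringIO(csv_text)):
        m = UNINSTALL_RE.match(row["Path"])
        if not m:
            continue
        s = stats[(row["Process Name"], int(row["PID"]))]
        s["roots"].add(m.group("root").lower())
        if m.group("subkey"):
            s["subkeys"].add(m.group("subkey").lower())
        if row["Operation"] == "RegEnumKey":
            s["enumerated"] = True
            name = ENUM_NAME_RE.search(row["Detail"])
            if name:
                s["subkeys"].add(name.group(1).lower())
    return dict(stats)


def flag_software_enumeration(csv_text, min_subkeys=2):
    """Processes that inventory installed software, as opposed to reading one
    product's own entry: either they enumerate the key or touch >= min_subkeys."""
    return sorted(
        key for key, s in uninstall_key_activity(csv_text).items()
        if s["enumerated"] or len(s["subkeys"]) >= min_subkeys
    )


if __name__ == "__main__":
    for (proc, pid), s in uninstall_key_activity(PROCMON_CSV).items():
        print(f"{proc} (pid {pid}): roots={len(s['roots'])} subkeys={len(s['subkeys'])} enumerated={s['enumerated']}")
    print("flagged:", flag_software_enumeration(PROCMON_CSV))
```

In the sample, sample.exe walks all three roots and sees three product subkeys, so it is flagged; msiexec.exe opens exactly one product GUID under the native view and is not, and explorer.exe never touches the key at all.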
Suspicious use of AdjustPrivilegeToken (8 IoCs)
Processes:
description                          pid   process
Token: SeImpersonatePrivilege        2732  531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
Token: SeTcbPrivilege                2732  531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege       2732  531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
Token: SeCreateTokenPrivilege        2732  531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
Token: SeBackupPrivilege             2732  531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
Token: SeRestorePrivilege            2732  531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege      2732  531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
Token: SeAssignPrimaryTokenPrivilege 2732  531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
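The eight privileges above are recorded as flat "Token: <privilege> <pid> <process>" text. As an added example (the editor's triage helper, not part of the sandbox report), the Python below parses that list into one record per process and groups the privileges by what they unlock once enabled. The combination is the interesting part: SeAssignPrimaryTokenPrivilege together with SeIncreaseQuotaPrivilege is exactly the pair CreateProcessAsUser requires, SeCreateTokenPrivilege allows forging a token outright, SeTcbPrivilege lets the caller act as part of the operating system, and SeImpersonatePrivilege lets it impersonate any token it can get a handle to; SeBackupPrivilege and SeRestorePrivilege bypass file DACLs, and SeChangeNotifyPrivilege is held and enabled by every token. One caveat a reader should keep in mind: AdjustTokenPrivileges can only enable privileges the token already holds, so the sandbox is recording the attempt, and any privilege absent from the token stays disabled (the call reports ERROR_NOT_ALL_ASSIGNED); the list shows intent rather than proven capability. The grouping sets are the editor's heuristic, and the input string is the page's own IoC list re-joined.

```python
import re

# The "Suspicious use of AdjustPrivilegeToken" IoC list from this report, re-joined
# into one string in the flattened form the page uses (constructed from the page).
IOC_TEXT = (
    "Token: SeImpersonatePrivilege 2732 531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe "
    "Token: SeTcbPrivilege 2732 531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe "
    "Token: SeChangeNotifyPrivilege 2732 531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe "
    "Token: SeCreateTokenPrivilege 2732 531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe "
    "Token: SeBackupPrivilege 2732 531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe "
    "Token: SeRestorePrivilege 2732 531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe "
    "Token: SeIncreaseQuotaPrivilege 2732 531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe "
    "Token: SeAssignPrimaryTokenPrivilege 2732 531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe"
)

# One IoC = "Token: <privilege> <pid> <process>"; the sandbox column order is
# description, pid, process.
TOKEN_RE = re.compile(r"Token:\s+(Se\w+Privilege)\s+(\d+)\s+(\S+)")

# Triage groupings (editor's heuristic, not a sandbox rule). Each set names what
# the privileges allow once they are enabled in the caller's token.
TOKEN_FORGERY = {"SeCreateTokenPrivilege", "SeTcbPrivilege"}      # NtCreateToken; act as part of the OS
RUN_AS_ANY_USER = {"SeAssignPrimaryTokenPrivilege", "SeIncreaseQuotaPrivilege"}  # both needed by CreateProcessAsUser
IMPERSONATE = {"SeImpersonatePrivilege"}                           # impersonate any token the process can obtain
FILE_ACL_BYPASS = {"SeBackupPrivilege", "SeRestorePrivilege"}     # read/write files regardless of DACL
BENIGN = {"SeChangeNotifyPrivilege"}                               # bypass traverse checking; on by default for everyone


def parse_adjust_privilege_iocs(text):
    """Group the IoC list by (pid, process); privileges keep the page's order."""
    procs = {}
    for priv, pid, proc in TOKEN_RE.findall(text):
        procs.setdefault((int(pid), proc), []).append(priv)
    return procs


def assess_privileges(privs):
    """Return triage findings for one process's set of requested privileges."""
    have = set(privs)
    findings = []
    if have & TOKEN_FORGERY:
        findings.append("token forgery: " + ", ".join(sorted(have & TOKEN_FORGERY)))
    run_as = have & RUN_AS_ANY_USER
    if run_as:
        status = "complete" if run_as == RUN_AS_ANY_USER else "partial"
        findings.append(f"CreateProcessAsUser prerequisites {status}: " + ", ".join(sorted(run_as)))
    if have & IMPERSONATE:
        findings.append("impersonation of arbitrary tokens")
    if have & FILE_ACL_BYPASS:
        findings.append("file DACL bypass: " + ", ".join(sorted(have & FILE_ACL_BYPASS)))
    unknown = have - TOKEN_FORGERY - RUN_AS_ANY_USER - IMPERSONATE - FILE_ACL_BYPASS - BENIGN
    if unknown:
        findings.append("unclassified: " + ", ".join(sorted(unknown)))
    return findings


def triage(text=IOC_TEXT):
    """Map (pid, process) -> findings for every process in the IoC list."""
    return {key: assess_privileges(privs) for key, privs in parse_adjust_privilege_iocs(text).items()}


if __name__ == "__main__":
    for (pid, proc), findings in triage().items():
        print(f"{proc} (pid {pid})")
        for finding in findings:
            print("  -", finding)
```

Run against the page's list, the sample's single process (pid 2732) yields four findings and nothing unclassified; a process that only enables SeChangeNotifyPrivilege yields none, which is the expected outcome for ordinary software.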