Analysis
- max time kernel: 93s
- max time network: 128s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29-07-2024 16:40
Behavioral task: behavioral1
- Sample: 531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
- Resource: win10v2004-20240709-en
General
- Target: 531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
- Size: 89KB
- MD5: 531cf928a1113ef698f18113ea45fef2
- SHA1: 9dcddd0372f50e527226dd2e3e3c828cdcb819e6
- SHA256: 8d9ef876176aaae0e3d3bb73e83396b6174ae228e7ba4cfd83354da204bb9ec9
- SHA512: c49075b8121cf848a7d79e66587f21bd9431045f03d6dad0efe76aa31beb89bc39dde5968abd11b3b8775fdce5bbb5be637e32a6a7053e2c945d7d257c3f106c
- SSDEEP: 1536:daFcbxKqTLdgvTFcFfCOUlRgm1F4yosOZGfJKTvLETeP4kzmD:cFyTSQNUlRtOIOETePED
Malware Config
Signatures
- Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Processes: 531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
  description   ioc   process
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
- Suspicious use of AdjustPrivilegeToken (8 IoCs)
  Processes: 531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
  description   pid   process
  Token: SeImpersonatePrivilege   2988   531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
  Token: SeTcbPrivilege   2988   531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
  Token: SeChangeNotifyPrivilege   2988   531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
  Token: SeCreateTokenPrivilege   2988   531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
  Token: SeBackupPrivilege   2988   531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
  Token: SeRestorePrivilege   2988   531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
  Token: SeIncreaseQuotaPrivilege   2988   531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe
  Token: SeAssignPrimaryTokenPrivilege   2988   531cf928a1113ef698f18113ea45fef2_JaffaCakes118.exe