Analysis
-
max time kernel
148s -
max time network
144s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
01-08-2024 21:08
General
-
Target
81c4f12dd7bfe86ce82e2850e7c56f14_JaffaCakes118.exe
-
Size
462KB
-
MD5
81c4f12dd7bfe86ce82e2850e7c56f14
-
SHA1
61f07a6da8d33081060ff5d5b097bfdc36a904dc
-
SHA256
7daef8ab1d1536f8be7020cd91f889e00e57e824b48e378bba27127c3d65588e
-
SHA512
1d80b34723d0e9392827a7f7ef7d9877ae51e83537bb381c36bce6ded738babc64ec3b6bc4d1dc865c6afa963d5ecbcc2b601fba91429023bdb6e8f8dcb812c4
-
SSDEEP
6144:oyef/7EfFpbLHyogyAAo0IRAGJZI/mLxgoPWjM/ea9JZC4obTxJs5sR+xEcSzeVL:3hpbLSogfApIRfIUSa70Js5seEHI/Eu
Malware Config
Signatures
-
UAC bypass 3 TTPs 3 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
System policy modification 1 TTPs 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\81c4f12dd7bfe86ce82e2850e7c56f14_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\81c4f12dd7bfe86ce82e2850e7c56f14_JaffaCakes118.exe"1⤵
- UAC bypass
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- System policy modification
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
2