Analysis
-
max time kernel
148s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
14/08/2024, 10:40
General
-
Target
95c11eb9e2e93b922dcfe2b825f718e0_JaffaCakes118.exe
-
Size
128KB
-
MD5
95c11eb9e2e93b922dcfe2b825f718e0
-
SHA1
4e11477cfec0cc6060b4d9fe88e5b31e0374776b
-
SHA256
6f063067c1f9bc9e864b7b8ad62606f78222e5d5c507209fbcce5e29ed414c4b
-
SHA512
1e65d546b9c5c5724617341c40927dca32edf8574ebc9a27c2e8d81c455ee96cbcbd7b2f1ac562637b66d898597276a7239bdd42e9fd7d5b6c5bd6dcfd30124e
-
SSDEEP
3072:3vwo/00v+NCgrurliZHaFOw7WDcfYFM6LkOb:t+sgru4k7bIqO
Score
10/10
Malware Config
Signatures
-
UAC bypass 3 TTPs 1 IoCs
-
Windows security bypass 2 TTPs 1 IoCs
-
Windows security modification 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
System policy modification 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\95c11eb9e2e93b922dcfe2b825f718e0_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\95c11eb9e2e93b922dcfe2b825f718e0_JaffaCakes118.exe"1⤵
- UAC bypass
- Windows security bypass
- Windows security modification
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- System policy modification
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
4