Analysis
-
max time kernel
6s -
max time network
7s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
19-08-2024 06:13
Errors
Reason
Machine shutdown
General
-
Target
a9e6ce932fe8eeb44fb6ce14e49c932d_JaffaCakes118.exe
-
Size
96KB
-
MD5
a9e6ce932fe8eeb44fb6ce14e49c932d
-
SHA1
a31bcc8f318a11403a88396e53a04d2a9a7e0ec3
-
SHA256
279c7a2b0b4c30a9d927119cb798dde19f99cfb9262aa23a5f6290883a40e3f5
-
SHA512
fec309c34ee76a00885b1c38985561bd5f4f0cf4aacdcfd68c1f0e22a7c59d26bd09dc70385f70c9c526b20b243dcd66c2486dcbdd9ffa4f9058c118bd438c12
-
SSDEEP
1536:3erfbNd1wGZv7x6zYtcXGV2ADF0LqhW35uxfHjHHS6kW1F8HHH3agkZN47n2jzB8:3+Zd1wGZvUMqaDWLqh6s/jnSucnKDknh
Score
8/10
Malware Config
Signatures
-
Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Drops file in System32 directory 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a9e6ce932fe8eeb44fb6ce14e49c932d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\a9e6ce932fe8eeb44fb6ce14e49c932d_JaffaCakes118.exe"1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x01⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x11⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
100KB
-
Filesize
4KB
-
Filesize
100KB
-
Filesize
4KB
-
Filesize
4KB