02db48c20f69ef4bebb3ca1676f56377d578aefa6f013b9f1f782c26e105bd98

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
20-08-2024 02:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad959b2ae2c20cd9b3aaaa3fb73968b8_JaffaCakes118.exe
Size

36KB
MD5

ad959b2ae2c20cd9b3aaaa3fb73968b8
SHA1

4331df3f9f14b04c066278f132d0709e1e56ffb1
SHA256

02db48c20f69ef4bebb3ca1676f56377d578aefa6f013b9f1f782c26e105bd98
SHA512

0bbe67a85193f71f317fa466773ad0c169c1338bd88a1d0fb15ad60d48dc3cd5070681c596582328b2756865bb5f009829fe637d31b458ba51f1ce203e2aba1f
SSDEEP

384:kmkzGmcWzzLhT9sfvds3DnlcxEXskp38Zr+ZvJbD2oYHWFEu:TkamcYhOfvds3DlcxE8kx8R+ZZ28E

Score

10^/10

discovery evasion trojan

Malware Config

Signatures

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	ad959b2ae2c20cd9b3aaaa3fb73968b8_JaffaCakes118.exe

Windows security bypass 2 TTPs 1 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UACDisableNotify = "0"	ad959b2ae2c20cd9b3aaaa3fb73968b8_JaffaCakes118.exe

Windows security modification 2 TTPs 1 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UACDisableNotify = "0"	ad959b2ae2c20cd9b3aaaa3fb73968b8_JaffaCakes118.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	ad959b2ae2c20cd9b3aaaa3fb73968b8_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ad959b2ae2c20cd9b3aaaa3fb73968b8_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeBackupPrivilege	1424	ad959b2ae2c20cd9b3aaaa3fb73968b8_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1424	ad959b2ae2c20cd9b3aaaa3fb73968b8_JaffaCakes118.exe

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	ad959b2ae2c20cd9b3aaaa3fb73968b8_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ad959b2ae2c20cd9b3aaaa3fb73968b8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ad959b2ae2c20cd9b3aaaa3fb73968b8_JaffaCakes118.exe"
1⤵
- UAC bypass
- Windows security bypass
- Windows security modification
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:1424