Analysis
-
max time kernel
134s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
21-08-2024 11:27
General
-
Target
b3483c07cc886a60bc8c3bbf90a35d19_JaffaCakes118.exe
-
Size
9KB
-
MD5
b3483c07cc886a60bc8c3bbf90a35d19
-
SHA1
7d3fa0a993a1621236c8ec3e347fa7020c0bd030
-
SHA256
f2e535776a1a08fc96839f5d09110db22a4d9cfcfca8210b4065a46021e446f9
-
SHA512
09e03992cf6af16494cecc51af4acd8dd8f3050ebce8cf38c3e49a4d68df6c15bb6f5bf1040500c7bad383287c9936bffff8a97139a4ba5213dc475bfa99a795
-
SSDEEP
192:qkHWWiiU901xlkWH8CJxDpdhtlSxHJWc/FUfB67lR:quHiiU01xl1p1lSnWc/Fu67l
Score
8/10
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\b3483c07cc886a60bc8c3bbf90a35d19_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\b3483c07cc886a60bc8c3bbf90a35d19_JaffaCakes118.exe"1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB