Analysis
-
max time kernel
140s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
22/08/2024, 18:01
General
-
Target
b896a117663d409732487ea51a7fb2f1_JaffaCakes118.exe
-
Size
654KB
-
MD5
b896a117663d409732487ea51a7fb2f1
-
SHA1
feae5cb29d35d9cc2404f2ac75c438e34bae4883
-
SHA256
a53563c272155d20356b229040bb04e8a6b5ac4df5a71ee5688bcca7b10a0479
-
SHA512
cd70811cdbb4c2fd44f899fe76847fd5b1b6202516005081024824a33832335400c9c1355813756923f44387873eaf15e3fcd2a24c1898b8423f9831dddd994f
-
SSDEEP
12288:UVPkWX99rdNI2NoAxKGnX+PI2Rgsnv1rwJv0NeMe6kNkZCgCj7XfJAMoS:Fu02/ndNuNdkNkqLJ
Score
7/10
Malware Config
Signatures
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b896a117663d409732487ea51a7fb2f1_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\b896a117663d409732487ea51a7fb2f1_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.7MB
-
Filesize
1.7MB