Analysis
max time kernel: 132s
max time network: 142s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26-08-2024 01:23
Behavioral task: behavioral1
Sample: c200677bdb3ba91a6dc7d4777dff00b8_JaffaCakes118.exe
Resource: win7-20240704-en
General
Target: c200677bdb3ba91a6dc7d4777dff00b8_JaffaCakes118.exe
Size: 1.1MB
MD5: c200677bdb3ba91a6dc7d4777dff00b8
SHA1: 315bdba6bc78d21041ca5c4e7757d14e0a4b081b
SHA256: f02b03b5dea111d3144e268385baf2b48d0e4728c519ca8a3229306db3f0b834
SHA512: a04e8cfa99843e6d961a7f743af49f894928059651eb8c2001c091591cf0baa02da204f8eaef7e1b37f67748e64d3876a8299f7d0b35a3543cc460a0fd1c98f3
SSDEEP: 24576:PDP+oZIcHxW1CtPSbfakSUo7QvSUo7gE:j+nxhNo7CNo7
Malware Config
Signatures

Obfuscated with Agile.Net obfuscator (2 IoCs)
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource                                                                   yara_rule
behavioral2/memory/4484-1-0x00000000004D0000-0x00000000005EA000-memory.dmp  agile_net
behavioral2/memory/4484-8-0x0000000005350000-0x00000000053F2000-memory.dmp  agile_net
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
description  ioc                                                           process
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   c200677bdb3ba91a6dc7d4777dff00b8_JaffaCakes118.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
description              pid   process
Token: SeDebugPrivilege  4484  c200677bdb3ba91a6dc7d4777dff00b8_JaffaCakes118.exe