Analysis
-
max time kernel
120s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
07-09-2024 01:29
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
d0cc6f4a785501054e414fadd9d4ef7e_JaffaCakes118.exe
Resource
win7-20240903-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
d0cc6f4a785501054e414fadd9d4ef7e_JaffaCakes118.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
6 signatures
150 seconds
General
-
Target
d0cc6f4a785501054e414fadd9d4ef7e_JaffaCakes118.exe
-
Size
54KB
-
MD5
d0cc6f4a785501054e414fadd9d4ef7e
-
SHA1
1449e8a8c07a853fcc9c10b20a8ef14b9d50e9ac
-
SHA256
dfc0cd4a502ce6243494c0588fab96f209b4299922011dba363f3d56a7d49459
-
SHA512
7e0ce492cbffa8e4e8d938ac1e5d1e2e58a87e365dfc9c47da8a6e76c4dc2d41716725d0b97414376e08a28fd3a9e91815358e7d55517fbb13bb48306d2a5d89
-
SSDEEP
768:h1JNkqtdL24Mzkd+XKtRH9AJjdfUIvw1EgDkANntYCpfBPx5yUWEViDFsLF9+cka:Hkk9IkYKPHe5re91GCplxHyug
Score
5/10
Malware Config
Signatures
-
Drops file in System32 directory 2 IoCs
description ioc Process File created C:\Windows\SysWOW64\eofuh.exe d0cc6f4a785501054e414fadd9d4ef7e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\eofuh.exe d0cc6f4a785501054e414fadd9d4ef7e_JaffaCakes118.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main d0cc6f4a785501054e414fadd9d4ef7e_JaffaCakes118.exe Set value (int) \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\TabProcGrowth = "0" d0cc6f4a785501054e414fadd9d4ef7e_JaffaCakes118.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2720 d0cc6f4a785501054e414fadd9d4ef7e_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 2720 d0cc6f4a785501054e414fadd9d4ef7e_JaffaCakes118.exe Token: SeSystemtimePrivilege 2720 d0cc6f4a785501054e414fadd9d4ef7e_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 1 IoCs
description pid Process procid_target PID 2720 wrote to memory of 1204 2720 d0cc6f4a785501054e414fadd9d4ef7e_JaffaCakes118.exe 21
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:1204
-
C:\Users\Admin\AppData\Local\Temp\d0cc6f4a785501054e414fadd9d4ef7e_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\d0cc6f4a785501054e414fadd9d4ef7e_JaffaCakes118.exe"2⤵
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2720
-