Overview

overview

10

Static

static

3

ee78074854...18.exe

windows7-x64

10

ee78074854...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    95s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-09-2024 21:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ee78074854e6ed49449a0e8982f24055_JaffaCakes118.exe

  • Size

    244KB

  • MD5

    ee78074854e6ed49449a0e8982f24055

  • SHA1

    b068b32e565e216612633579b545eb2c18d9e4eb

  • SHA256

    a6257bbaa87a0c79f38a3560a3b61bb1f05ceb99fd0163ca093980aea3ac5b56

  • SHA512

    de8c02b62763b34964cdbc8f486d08e28e050cf4e4bee2007ed2bea95c761a90e3093be9fb100f11358c4650adb1b23473e26a52ad36c1d6afe5b8f676f958ef

  • SSDEEP

    3072:ZHg4j9dVZzs4/OGzkGIPfw0dqsiilyJ2SpwC4BBrs0NhB5Eq6EEXybUPZtsQZ6Si:ZHlfQNGdKtiiS2SErJ5MyCsMoTMho

Score
10/10
discoveryevasiontrojan

Malware Config

Signatures

  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Windows security bypass 2 TTPs 1 IoCs
    evasiontrojan
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\ee78074854e6ed49449a0e8982f24055_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ee78074854e6ed49449a0e8982f24055_JaffaCakes118.exe"
    1⤵
    • UAC bypass
    • Windows security bypass
    • Windows security modification
    • Checks whether UAC is enabled
    • Maps connected drives based on registry
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • System policy modification
    PID:4344
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 740
      2⤵
      • Program crash
      PID:5016
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4344 -ip 4344
    1⤵
      PID:1980

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4344-0-0x0000000000400000-0x000000000049F000-memory.dmp

      Filesize

      636KB

      Download

    • memory/4344-1-0x0000000000401000-0x0000000000480000-memory.dmp

      Filesize

      508KB

      Download

    • memory/4344-5-0x0000000000400000-0x000000000049F000-memory.dmp

      Filesize

      636KB

      Download