b33da2f29b197a3324950268976f9844a945f51e06b888a48df5b32a32035dbb

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-09-2024 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eeecd79d1ae73bcdd466af090214900f_JaffaCakes118.exe
Size

104KB
MD5

eeecd79d1ae73bcdd466af090214900f
SHA1

d369f6ca52da53833e0cdfb48a09a725849bbd25
SHA256

b33da2f29b197a3324950268976f9844a945f51e06b888a48df5b32a32035dbb
SHA512

9ace3eb68bf0077edda15f923c146a4eaccaf8c30913d3f90c9acf6fc2e6b5d2387d92b91612029ca2f4e7f2707b6ec5bfbabe77cfc5e4b9dcec0893cde17724
SSDEEP

1536:WCc/MpmtGB0BfHJ/TLTUV96iJ3uA9NCF:WCGMpmtGB0B/NUV96iJ3uACF

Score

10^/10

discovery evasion trojan

Malware Config

Signatures

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	eeecd79d1ae73bcdd466af090214900f_JaffaCakes118.exe

Windows security bypass 2 TTPs 1 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UACDisableNotify = "0"	eeecd79d1ae73bcdd466af090214900f_JaffaCakes118.exe

Windows security modification 2 TTPs 1 IoCs

evasion trojan

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UACDisableNotify = "0"	eeecd79d1ae73bcdd466af090214900f_JaffaCakes118.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	eeecd79d1ae73bcdd466af090214900f_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eeecd79d1ae73bcdd466af090214900f_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeBackupPrivilege	2516	eeecd79d1ae73bcdd466af090214900f_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2516	eeecd79d1ae73bcdd466af090214900f_JaffaCakes118.exe

System policy modification 1 TTPs 1 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	eeecd79d1ae73bcdd466af090214900f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\eeecd79d1ae73bcdd466af090214900f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eeecd79d1ae73bcdd466af090214900f_JaffaCakes118.exe"
1⤵
- UAC bypass
- Windows security bypass
- Windows security modification
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:2516