Analysis
-
max time kernel
119s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
26-09-2024 00:21
General
-
Target
f726cc5fa1db3923a62100c640deb50c_JaffaCakes118.exe
-
Size
660KB
-
MD5
f726cc5fa1db3923a62100c640deb50c
-
SHA1
fda41431db89c3e29efddfa2a5427de7cdc83133
-
SHA256
decfa900ce14d532b730a9070d71114e02aa6a0b8d405c9577fd593f42af330b
-
SHA512
e6f6345845ec0b6911a45790e26f2b755ed3c9f6b05fe1426f94a579594c3b241d44b5d9daf49f8160ddb6d18efbd915451990b5712f7df2cca3dca99d267ebc
-
SSDEEP
3072:8wVxOo4uDRiOEWfatBF/xJlxtZcVII1GmWhW72a7kyO64pTSod16naj:8wV+1BFjPtuVIXmWCnPKSodgQ
Malware Config
Signatures
-
UAC bypass 3 TTPs 1 IoCs
-
Windows security bypass 2 TTPs 1 IoCs
-
Windows security modification 2 TTPs 1 IoCs
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System policy modification 1 TTPs 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f726cc5fa1db3923a62100c640deb50c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f726cc5fa1db3923a62100c640deb50c_JaffaCakes118.exe"1⤵
- UAC bypass
- Windows security bypass
- Windows security modification
- Adds Run key to start application
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- System policy modification
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
5Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB