40040701c9aa58609e4999814734acdcc462e8d182aff5bd0fed3b17a8f9ba12

Analysis

max time kernel
9s
max time network
10s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 03:24

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

fb68377ad9852afc5986c3b36572a9f3_JaffaCakes118.exe
Size

6KB
MD5

fb68377ad9852afc5986c3b36572a9f3
SHA1

1092151de851b6a8e950c8e3478166e683d41f3f
SHA256

40040701c9aa58609e4999814734acdcc462e8d182aff5bd0fed3b17a8f9ba12
SHA512

ef521b506e57664c8be77eb58b4f6a438ecd8d640a0a0983675586402e9e321eab7fccf370fead2d27feb617fff63dab5d4c2e5fdd275f181df98faac0574880
SSDEEP

96:pPL2UJ4PcfbA6jN0AHGOD6lTViEsXBbcwHEBer0a+WpHPeYo:pPLdjbAOan7UFIe9pHPW

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2636-0-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/2636-2-0x0000000000400000-0x0000000000408000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fb68377ad9852afc5986c3b36572a9f3_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2636	fb68377ad9852afc5986c3b36572a9f3_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fb68377ad9852afc5986c3b36572a9f3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fb68377ad9852afc5986c3b36572a9f3_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2636

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:2812

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/496-4-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/2636-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2636-2-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2812-3-0x0000000002E10000-0x0000000002E11000-memory.dmp

Filesize
4KB

Download