Analysis
-
max time kernel
9s -
max time network
10s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
28/09/2024, 03:24 UTC
Behavioral task
behavioral1
Sample
fb68377ad9852afc5986c3b36572a9f3_JaffaCakes118.exe
Resource
win7-20240903-en
3 signatures
150 seconds
Errors
Reason
Machine shutdown
General
-
Target
fb68377ad9852afc5986c3b36572a9f3_JaffaCakes118.exe
-
Size
6KB
-
MD5
fb68377ad9852afc5986c3b36572a9f3
-
SHA1
1092151de851b6a8e950c8e3478166e683d41f3f
-
SHA256
40040701c9aa58609e4999814734acdcc462e8d182aff5bd0fed3b17a8f9ba12
-
SHA512
ef521b506e57664c8be77eb58b4f6a438ecd8d640a0a0983675586402e9e321eab7fccf370fead2d27feb617fff63dab5d4c2e5fdd275f181df98faac0574880
-
SSDEEP
96:pPL2UJ4PcfbA6jN0AHGOD6lTViEsXBbcwHEBer0a+WpHPeYo:pPLdjbAOan7UFIe9pHPW
Malware Config
Signatures
-
resource yara_rule behavioral1/memory/2636-0-0x0000000000400000-0x0000000000408000-memory.dmp upx behavioral1/memory/2636-2-0x0000000000400000-0x0000000000408000-memory.dmp upx -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language fb68377ad9852afc5986c3b36572a9f3_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeShutdownPrivilege 2636 fb68377ad9852afc5986c3b36572a9f3_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\fb68377ad9852afc5986c3b36572a9f3_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\fb68377ad9852afc5986c3b36572a9f3_JaffaCakes118.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2636
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x01⤵PID:2812
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x11⤵PID:496