Analysis
max time kernel: 142s
max time network: 143s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04-10-2024 04:35
Static task: static1
Behavioral task: behavioral1
Sample: 11da309f612fd09b868d8e11135e3ee0_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: 11da309f612fd09b868d8e11135e3ee0_JaffaCakes118.exe
Size: 641KB
MD5: 11da309f612fd09b868d8e11135e3ee0
SHA1: a3f0c16307cfba80c2eeeaa373e5ac3c3d20a4b6
SHA256: 1adef4690888171c5e761d69a643554a45ba3c61c891c30213ece573f6cef4e4
SHA512: cfb0fae51af14e5846ef4d375936c42b252369e9784e31552711d3bfeaced882ffbef558b1af9b78255160861fc207f6f1b9c1dcaffbf16c2f114a9894c1ba61
SSDEEP: 12288:yqHyMJfsV5SIAl9U7GKx4mHB8loHk/YwFsRPBJVRZCsworEpHecd9+/N:HHyMJfs37AlaxrXH8sPBJvnWebF
Malware Config
Signatures
-
resource yara_rule
- Drops file in Program Files directory (1 IoC)
  description: File created
  ioc: C:\PROGRA~2\is240629890.log
  Process: 11da309f612fd09b868d8e11135e3ee0_JaffaCakes118.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: 11da309f612fd09b868d8e11135e3ee0_JaffaCakes118.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   Process
  4032  11da309f612fd09b868d8e11135e3ee0_JaffaCakes118.exe
  4032  11da309f612fd09b868d8e11135e3ee0_JaffaCakes118.exe
  4032  11da309f612fd09b868d8e11135e3ee0_JaffaCakes118.exe
  4032  11da309f612fd09b868d8e11135e3ee0_JaffaCakes118.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description                        pid   Process
  Token: SeShutdownPrivilege         4032  11da309f612fd09b868d8e11135e3ee0_JaffaCakes118.exe
  Token: SeCreatePagefilePrivilege   4032  11da309f612fd09b868d8e11135e3ee0_JaffaCakes118.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid   Process
  4032  11da309f612fd09b868d8e11135e3ee0_JaffaCakes118.exe
  4032  11da309f612fd09b868d8e11135e3ee0_JaffaCakes118.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\11da309f612fd09b868d8e11135e3ee0_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\11da309f612fd09b868d8e11135e3ee0_JaffaCakes118.exe"
  PID: 4032
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads