Overview

overview

10

Static

static

3

JaffaCakes...f4.exe

windows7-x64

10

JaffaCakes...f4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    105s
  • max time network
    117s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/03/2025, 10:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_8a98f9aaf6ba4f04ac5e6283a6a28ef4.exe

  • Size

    276KB

  • MD5

    8a98f9aaf6ba4f04ac5e6283a6a28ef4

  • SHA1

    3bcf65109888331a70b6e186766dc60de91b17a0

  • SHA256

    48ed2f5100e2db6872011e85ba6b9bf45cf3d21c88e8753aea2c3f4557faf24a

  • SHA512

    edd924889111dc2ca345025b95974444470ac020f933cda0f39a922aae8ecd521b9d28812a4e6eb616dbdfdeb3aea8fc30e993f05c4ce852ea094b149bb1d16b

  • SSDEEP

    1536:EZLMJ249icel/Z01/NBX4UDpegM3zwACUJGLqKmGZTlP2cG1o60cmzi24pAVNg6d:QAX0e1FB/DpKjCLGAwAVzfOqyb3g

Score
10/10
defense_evasiondiscoverytrojan

Malware Config

Signatures

  • UAC bypass 3 TTPs 1 IoCs
    defense_evasiontrojan
  • Windows security bypass 2 TTPs 1 IoCs
    defense_evasiontrojan
  • Windows security modification 2 TTPs 1 IoCs
    defense_evasiontrojan
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    defense_evasiontrojan
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
  • System policy modification 1 TTPs 1 IoCs
    defense_evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a98f9aaf6ba4f04ac5e6283a6a28ef4.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a98f9aaf6ba4f04ac5e6283a6a28ef4.exe"
    1⤵
    • UAC bypass
    • Windows security bypass
    • Windows security modification
    • Checks whether UAC is enabled
    • Maps connected drives based on registry
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:5244
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a98f9aaf6ba4f04ac5e6283a6a28ef4.exe
      "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a98f9aaf6ba4f04ac5e6283a6a28ef4.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3932

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3932-2-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3932-6-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3932-5-0x0000000000400000-0x0000000000408960-memory.dmp

    Filesize

    34KB

    Download

  • memory/3932-4-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download