8d9a60e84b9e2fe5cce761c4a180347ef357d740239fe139c2a80281933e2497

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 01:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c6bed843f9d68bd46a3d1b4880ee3cb1_JaffaCakes118.exe
Size

643KB
MD5

c6bed843f9d68bd46a3d1b4880ee3cb1
SHA1

a923f09ad4bc5b611e6c8d1b3371fefc675e0fd4
SHA256

8d9a60e84b9e2fe5cce761c4a180347ef357d740239fe139c2a80281933e2497
SHA512

0bfbf6d1e40eec2b013acd60546588768c9993cab3f4d1130b828916f11a96d6bd8008e8f972597723ca59da13ad00765661a0b615930ac5cff4f946c8421983
SSDEEP

12288:9w8LEGYw7H9NAegzh6VecRukmaTTfG/wSV4V8UtwsvH6sqzi4MZR:v7H9WePBQ+TTfGtu8Utwsis74

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	c6bed843f9d68bd46a3d1b4880ee3cb1_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\c6bed843f9d68bd46a3d1b4880ee3cb1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c6bed843f9d68bd46a3d1b4880ee3cb1_JaffaCakes118.exe"
1⤵
- Writes to the Master Boot Record (MBR)
PID:3644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3644-1-0x00000000019D0000-0x0000000001AD0000-memory.dmp

Filesize
1024KB

Download
memory/3644-2-0x0000000003470000-0x00000000034DB000-memory.dmp

Filesize
428KB

Download
memory/3644-3-0x0000000000400000-0x0000000001714000-memory.dmp

Filesize
19.1MB

Download
memory/3644-4-0x0000000000400000-0x0000000001714000-memory.dmp

Filesize
19.1MB

Download
memory/3644-5-0x0000000000400000-0x0000000001714000-memory.dmp

Filesize
19.1MB

Download
memory/3644-6-0x0000000003470000-0x00000000034DB000-memory.dmp

Filesize
428KB

Download
memory/3644-8-0x00000000019D0000-0x0000000001AD0000-memory.dmp

Filesize
1024KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads