06e7e6c8552e077500936f5131827ac641fb19c559a8d32f1da7c3ac30328592 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

f4e45d6fcd...18.exe

windows7-x64

7

f4e45d6fcd...18.exe

windows10-2004-x64

7

Sharing

General

Target

f4e45d6fcdb296e604831c7cd8ca06ca_JaffaCakes118
Size

904KB
Sample

240417-dhy56add8s
MD5

f4e45d6fcdb296e604831c7cd8ca06ca
SHA1

8af6e21120347285bfc997a39366afd3711f5156
SHA256

06e7e6c8552e077500936f5131827ac641fb19c559a8d32f1da7c3ac30328592
SHA512

051d51ea66d0cc3b0664f8ad1f677198f553cd06220f2b894398fba4439c4d682c858cec86462914230771d8a57d29da75f62304e7b0cf2ced0ccd9008673a24
SSDEEP

24576:7RFDmH3VwqA888888888888888888888288888x888v888+88F88W88v88Q8e8HJ:2wqA888888888888888888888288888j

Score

7^/10

bootkit persistence vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f4e45d6fcdb296e604831c7cd8ca06ca_JaffaCakes118.exe

Resource

win7-20240221-en

bootkit persistence vmprotect

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

f4e45d6fcdb296e604831c7cd8ca06ca_JaffaCakes118.exe

Resource

win10v2004-20240412-en

bootkit persistence vmprotect

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  f4e45d6fcdb296e604831c7cd8ca06ca_JaffaCakes118
- Size
  
  904KB
- MD5
  
  f4e45d6fcdb296e604831c7cd8ca06ca
- SHA1
  
  8af6e21120347285bfc997a39366afd3711f5156
- SHA256
  
  06e7e6c8552e077500936f5131827ac641fb19c559a8d32f1da7c3ac30328592
- SHA512
  
  051d51ea66d0cc3b0664f8ad1f677198f553cd06220f2b894398fba4439c4d682c858cec86462914230771d8a57d29da75f62304e7b0cf2ced0ccd9008673a24
- SSDEEP
  
  24576:7RFDmH3VwqA888888888888888888888288888x888v888+88F88W88v88Q8e8HJ:2wqA888888888888888888888288888j
Score

7^/10

bootkit persistence vmprotect
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Modifies WinLogon
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistencevmprotect

behavioral2

bootkitpersistencevmprotect

© 2018-2024

Terms | Privacy