Overview

overview

7

Static

static

3

f845786d34...18.exe

windows7-x64

7

f845786d34...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    141s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    18-04-2024 15:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f845786d34ff7c1d9f0201957ed44bbe_JaffaCakes118.exe

  • Size

    469KB

  • MD5

    f845786d34ff7c1d9f0201957ed44bbe

  • SHA1

    82c64d6cda5e4fafe3920b98202888f58ab15f71

  • SHA256

    65b14daf64b9a79ce8d04c3dc0f157abf3d92242902a720ec2fe49119c439aaa

  • SHA512

    44f903755c39a03503f1eb313f709b3d27159dff91bbde7cdbab6ba6821d437846ed3e631a39ac5a921ab32064a31f596e2757aaa9c3a7a06773eef52089bf22

  • SSDEEP

    12288:gb7jkD3v0VBRxE5MBGlcM7UdTIE7UZWG1j3FLiUh:gb3w3v8BRqEM7Ud5U1j35i

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f845786d34ff7c1d9f0201957ed44bbe_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f845786d34ff7c1d9f0201957ed44bbe_JaffaCakes118.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2992
  • C:\Windows\EXPLORERI.exe
    C:\Windows\EXPLORERI.exe
    1⤵
    • Executes dropped EXE
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:2536

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\EXPLORERI.exe
      Filesize

      469KB

      MD5

      f845786d34ff7c1d9f0201957ed44bbe

      SHA1

      82c64d6cda5e4fafe3920b98202888f58ab15f71

      SHA256

      65b14daf64b9a79ce8d04c3dc0f157abf3d92242902a720ec2fe49119c439aaa

      SHA512

      44f903755c39a03503f1eb313f709b3d27159dff91bbde7cdbab6ba6821d437846ed3e631a39ac5a921ab32064a31f596e2757aaa9c3a7a06773eef52089bf22

      Download Submit

    • memory/2488-39-0x0000000001E40000-0x0000000001E41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2488-43-0x0000000001F80000-0x0000000001F81000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2488-25-0x0000000000270000-0x0000000000271000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2488-45-0x0000000000400000-0x00000000004E4000-memory.dmp

      Filesize

      912KB

      Download

    • memory/2488-28-0x00000000003F0000-0x00000000003F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2488-29-0x0000000001EE0000-0x0000000001EE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2488-30-0x0000000001FA0000-0x0000000001FA1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2488-31-0x0000000001F90000-0x0000000001F91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2488-32-0x0000000001E60000-0x0000000001E61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2488-33-0x0000000001EA0000-0x0000000001EA1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2488-34-0x0000000001E80000-0x0000000001E81000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2488-35-0x0000000001EF0000-0x0000000001EF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2488-24-0x00000000003E0000-0x00000000003E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2488-36-0x0000000001F00000-0x0000000001F01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2488-37-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2488-38-0x0000000001E50000-0x0000000001E51000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2488-40-0x0000000001E70000-0x0000000001E71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2488-41-0x0000000001F10000-0x0000000001F11000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2488-44-0x0000000000340000-0x000000000037A000-memory.dmp

      Filesize

      232KB

      Download

    • memory/2488-22-0x0000000000400000-0x00000000004E4000-memory.dmp

      Filesize

      912KB

      Download

    • memory/2488-42-0x0000000001F60000-0x0000000001F61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2992-8-0x0000000002090000-0x0000000002091000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2992-6-0x00000000005B0000-0x00000000005B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2992-23-0x0000000000400000-0x00000000004E4000-memory.dmp

      Filesize

      912KB

      Download

    • memory/2992-11-0x0000000000580000-0x0000000000581000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2992-7-0x00000000007C0000-0x00000000007C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2992-3-0x00000000003F0000-0x00000000003F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2992-20-0x00000000005A0000-0x00000000005A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2992-18-0x0000000000530000-0x0000000000531000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2992-0-0x0000000000400000-0x00000000004E4000-memory.dmp

      Filesize

      912KB

      Download

    • memory/2992-19-0x0000000000520000-0x0000000000521000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2992-5-0x0000000000510000-0x0000000000511000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2992-2-0x0000000000260000-0x0000000000261000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2992-4-0x00000000003E0000-0x00000000003E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2992-9-0x0000000002040000-0x0000000002041000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2992-10-0x0000000000540000-0x0000000000541000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2992-15-0x0000000002F00000-0x0000000002F01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2992-26-0x0000000000340000-0x000000000037A000-memory.dmp

      Filesize

      232KB

      Download

    • memory/2992-12-0x0000000000560000-0x0000000000561000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2992-13-0x0000000001FE0000-0x0000000001FE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2992-14-0x0000000001FF0000-0x0000000001FF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2992-1-0x0000000000340000-0x000000000037A000-memory.dmp

      Filesize

      232KB

      Download