Analysis
-
max time kernel
149s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19-04-2024 21:40
General
-
Target
fb3979eb83af289613f3b9e1d3d9d321_JaffaCakes118.exe
-
Size
5.9MB
-
MD5
fb3979eb83af289613f3b9e1d3d9d321
-
SHA1
e37864e9c6999ebffa63a1325ea6b45e7d8d192e
-
SHA256
5a6ffc20b491863e71a8f624114d50d806b1a76f51d1f3d52dc1ade90e403e4e
-
SHA512
9f729954fc827a8dfbe2bdc161bbc4435c77f154479884c0ba97a7f867dd08ad9a989bd8da2d5e83482f048d0f9b5c16beef1d13ec3771fcdc17fa35a33c537c
-
SSDEEP
98304:UGFb27sv/NX3KYYqiONU6hgPnDOM5Wssdv1P3T4pAeQ37bY81IIM39CPoOQxoMvX:7Q72pKYpiXPDhkRRZaIM39GooMaG
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fb3979eb83af289613f3b9e1d3d9d321_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\fb3979eb83af289613f3b9e1d3d9d321_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
\Users\Admin\AppData\Local\Temp\gzip.dllFilesize
29KB
MD58b3591965f623b219c0c528153746cab
SHA1020961494fa0e08779b7aacf4422269935354f7d
SHA25697ea3d99cf21123bc1aec72f9ded6a51ac659830392adfefd424eb799ab0219e
SHA5126e547197d160c9ec13cf2384add1bb6753276e3dab97d951adba9257d6bf999720635a7b9d94a5ca8b94bdda2f25f36c5938d126bc3e46a358e1fad072132351
-
memory/2288-0-0x0000000000400000-0x00000000011D4000-memory.dmpFilesize
13.8MB
-
memory/2288-3-0x0000000077CD0000-0x0000000077CD1000-memory.dmpFilesize
4KB
-
memory/2288-1-0x0000000077CD0000-0x0000000077CD1000-memory.dmpFilesize
4KB
-
memory/2288-7-0x0000000076DA0000-0x0000000076DA1000-memory.dmpFilesize
4KB
-
memory/2288-9-0x0000000000400000-0x00000000011D4000-memory.dmpFilesize
13.8MB
-
memory/2288-11-0x0000000077CD0000-0x0000000077CD1000-memory.dmpFilesize
4KB
-
memory/2288-12-0x0000000076DA0000-0x0000000076DA1000-memory.dmpFilesize
4KB
-
memory/2288-22-0x0000000000400000-0x00000000011D4000-memory.dmpFilesize
13.8MB
-
memory/2288-25-0x0000000008910000-0x0000000008922000-memory.dmpFilesize
72KB