a2424e632af10cc1dde80cfe2c292d302a6e2457320b3188836f4f3cae0640af

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-04-2024 10:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa206253202bc85f184ec77e196b8d50_JaffaCakes118.exe
Size

207KB
MD5

fa206253202bc85f184ec77e196b8d50
SHA1

e031e14faa7290c11ff6871805620b9d77ea131d
SHA256

a2424e632af10cc1dde80cfe2c292d302a6e2457320b3188836f4f3cae0640af
SHA512

04675a55176473ba4deef5c70636a16d056ae3a2007a5cbf3c935a916f9282a592b07916efcdb8c84bafc8e5313b91614f02301bbbe0abf5565272af2d0ae48a
SSDEEP

6144:qva08a3Ahun+aC1meyUGimMOIAjymLcFjI7:mW1meyUGpvymItW

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

fa206253202bc85f184ec77e196b8d50_JaffaCakes118.exe

description ioc process

File opened for modification \??\PhysicalDrive0 fa206253202bc85f184ec77e196b8d50_JaffaCakes118.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	fa206253202bc85f184ec77e196b8d50_JaffaCakes118.exe

Modifies registry class 3 IoCs

Processes:

fa206253202bc85f184ec77e196b8d50_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	fa206253202bc85f184ec77e196b8d50_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	fa206253202bc85f184ec77e196b8d50_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	fa206253202bc85f184ec77e196b8d50_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

fa206253202bc85f184ec77e196b8d50_JaffaCakes118.exe

pid process

2208 fa206253202bc85f184ec77e196b8d50_JaffaCakes118.exe

pid	process
2208	fa206253202bc85f184ec77e196b8d50_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fa206253202bc85f184ec77e196b8d50_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fa206253202bc85f184ec77e196b8d50_JaffaCakes118.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2208

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2208-0-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/2208-1-0x00000000003B0000-0x00000000003B6000-memory.dmp

Filesize
24KB

Download
memory/2208-4-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/2208-3-0x0000000000250000-0x0000000000260000-memory.dmp

Filesize
64KB

Download
memory/2208-6-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2208-7-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2208-8-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2208-9-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2208-10-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2208-11-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2208-12-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/2208-13-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2208-14-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/2208-15-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/2208-16-0x0000000001F40000-0x0000000001F41000-memory.dmp

Filesize
4KB

Download
memory/2208-17-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/2208-18-0x0000000002780000-0x0000000002781000-memory.dmp

Filesize
4KB

Download
memory/2208-19-0x0000000001F90000-0x0000000001F91000-memory.dmp

Filesize
4KB

Download
memory/2208-20-0x00000000027A0000-0x00000000027A1000-memory.dmp

Filesize
4KB

Download
memory/2208-21-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download
memory/2208-22-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/2208-23-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/2208-24-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

Filesize
4KB

Download
memory/2208-25-0x00000000027D0000-0x00000000027D1000-memory.dmp

Filesize
4KB

Download
memory/2208-27-0x0000000002C00000-0x0000000002C01000-memory.dmp

Filesize
4KB

Download
memory/2208-26-0x0000000002C10000-0x0000000002C11000-memory.dmp

Filesize
4KB

Download
memory/2208-28-0x0000000002C30000-0x0000000002C31000-memory.dmp

Filesize
4KB

Download
memory/2208-29-0x0000000002C20000-0x0000000002C21000-memory.dmp

Filesize
4KB

Download
memory/2208-30-0x0000000002C50000-0x0000000002C51000-memory.dmp

Filesize
4KB

Download
memory/2208-31-0x0000000002C40000-0x0000000002C41000-memory.dmp

Filesize
4KB

Download
memory/2208-32-0x0000000002C70000-0x0000000002C71000-memory.dmp

Filesize
4KB

Download
memory/2208-33-0x0000000002C60000-0x0000000002C61000-memory.dmp

Filesize
4KB

Download
memory/2208-34-0x0000000002C90000-0x0000000002C91000-memory.dmp

Filesize
4KB

Download
memory/2208-35-0x0000000002C80000-0x0000000002C81000-memory.dmp

Filesize
4KB

Download
memory/2208-36-0x0000000002CB0000-0x0000000002CB1000-memory.dmp

Filesize
4KB

Download
memory/2208-37-0x0000000002CA0000-0x0000000002CA1000-memory.dmp

Filesize
4KB

Download
memory/2208-38-0x0000000002CD0000-0x0000000002CD1000-memory.dmp

Filesize
4KB

Download
memory/2208-39-0x0000000002CC0000-0x0000000002CC1000-memory.dmp

Filesize
4KB

Download
memory/2208-40-0x0000000002CF0000-0x0000000002CF1000-memory.dmp

Filesize
4KB

Download
memory/2208-41-0x0000000002CE0000-0x0000000002CE1000-memory.dmp

Filesize
4KB

Download
memory/2208-42-0x0000000002D10000-0x0000000002D11000-memory.dmp

Filesize
4KB

Download
memory/2208-43-0x0000000002D00000-0x0000000002D01000-memory.dmp

Filesize
4KB

Download
memory/2208-44-0x0000000002D30000-0x0000000002D31000-memory.dmp

Filesize
4KB

Download
memory/2208-45-0x0000000002D20000-0x0000000002D21000-memory.dmp

Filesize
4KB

Download
memory/2208-47-0x0000000002D40000-0x0000000002D41000-memory.dmp

Filesize
4KB

Download
memory/2208-46-0x0000000002D50000-0x0000000002D51000-memory.dmp

Filesize
4KB

Download
memory/2208-48-0x0000000002D70000-0x0000000002D71000-memory.dmp

Filesize
4KB

Download
memory/2208-49-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/2208-50-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download
memory/2208-51-0x0000000002D80000-0x0000000002D81000-memory.dmp

Filesize
4KB

Download
memory/2208-52-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

Filesize
4KB

Download
memory/2208-53-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

Filesize
4KB

Download
memory/2208-54-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

Filesize
4KB

Download
memory/2208-55-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/2208-56-0x0000000002DF0000-0x0000000002DF1000-memory.dmp

Filesize
4KB

Download
memory/2208-57-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

Filesize
4KB

Download
memory/2208-58-0x0000000002E10000-0x0000000002E11000-memory.dmp

Filesize
4KB

Download
memory/2208-59-0x0000000002E00000-0x0000000002E01000-memory.dmp

Filesize
4KB

Download
memory/2208-60-0x0000000002E30000-0x0000000002E31000-memory.dmp

Filesize
4KB

Download
memory/2208-61-0x0000000002E20000-0x0000000002E21000-memory.dmp

Filesize
4KB

Download
memory/2208-62-0x0000000002E50000-0x0000000002E51000-memory.dmp

Filesize
4KB

Download
memory/2208-63-0x0000000002E40000-0x0000000002E41000-memory.dmp

Filesize
4KB

Download
memory/2208-64-0x0000000002E70000-0x0000000002E71000-memory.dmp

Filesize
4KB

Download
memory/2208-65-0x0000000002E60000-0x0000000002E61000-memory.dmp

Filesize
4KB

Download
memory/2208-285-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/2208-303-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download