Overview

overview

7

Static

static

3

fe3cc33f61...18.exe

windows7-x64

7

fe3cc33f61...18.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    143s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    21/04/2024, 02:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fe3cc33f61d6537b780ec831b2702e69_JaffaCakes118.exe

  • Size

    469KB

  • MD5

    fe3cc33f61d6537b780ec831b2702e69

  • SHA1

    b76837e6bd7e0e4a892db5012f5588c364dec3ae

  • SHA256

    10459bf15b06bd9a38ad9fa4179ffa8c0dbb8ac84b38ee53eb315cc4c754f22f

  • SHA512

    efbf9b14c9dcba1c5454600c4231e8937f648e227c6b237a672b417646e96ab4067defc3aa96fb1467cae19a8355622ae3acfe463991243e951ec52f20225d18

  • SSDEEP

    12288:Fb7jkD3v0VBRxE5MBGlcM7UdTAT7UZWG1j3FLiUh:Fb3w3v8BRqEM7UdaU1j35i

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies data under HKEY_USERS 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fe3cc33f61d6537b780ec831b2702e69_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fe3cc33f61d6537b780ec831b2702e69_JaffaCakes118.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1656
  • C:\Windows\picture.exe
    C:\Windows\picture.exe
    1⤵
    • Executes dropped EXE
    • Writes to the Master Boot Record (MBR)
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2716
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:2456

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\picture.exe
      Filesize

      469KB

      MD5

      fe3cc33f61d6537b780ec831b2702e69

      SHA1

      b76837e6bd7e0e4a892db5012f5588c364dec3ae

      SHA256

      10459bf15b06bd9a38ad9fa4179ffa8c0dbb8ac84b38ee53eb315cc4c754f22f

      SHA512

      efbf9b14c9dcba1c5454600c4231e8937f648e227c6b237a672b417646e96ab4067defc3aa96fb1467cae19a8355622ae3acfe463991243e951ec52f20225d18

      Download Submit

    • memory/1656-11-0x0000000002310000-0x0000000002311000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1656-12-0x0000000002320000-0x0000000002321000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1656-4-0x0000000001E30000-0x0000000001E31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1656-5-0x0000000002300000-0x0000000002301000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1656-6-0x0000000002380000-0x0000000002381000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1656-9-0x0000000001E00000-0x0000000001E01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1656-8-0x0000000001D40000-0x0000000001D41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1656-7-0x0000000002370000-0x0000000002371000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1656-3-0x0000000001CE0000-0x0000000001CE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1656-0-0x0000000000400000-0x00000000004E4000-memory.dmp

      Filesize

      912KB

      Download

    • memory/1656-2-0x00000000003C0000-0x00000000003C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1656-13-0x0000000001CD0000-0x0000000001CD1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1656-10-0x0000000001DE0000-0x0000000001DE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1656-14-0x0000000001D10000-0x0000000001D11000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1656-15-0x0000000002EE0000-0x0000000002EE1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1656-18-0x0000000001D30000-0x0000000001D31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1656-19-0x0000000001D20000-0x0000000001D21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1656-20-0x0000000001E20000-0x0000000001E21000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1656-1-0x00000000004F0000-0x000000000052A000-memory.dmp

      Filesize

      232KB

      Download

    • memory/1656-43-0x00000000004F0000-0x000000000052A000-memory.dmp

      Filesize

      232KB

      Download

    • memory/1656-42-0x0000000000400000-0x00000000004E4000-memory.dmp

      Filesize

      912KB

      Download

    • memory/2716-26-0x00000000003D0000-0x00000000003D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2716-25-0x0000000000250000-0x0000000000251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2716-27-0x0000000000590000-0x0000000000591000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2716-29-0x0000000000820000-0x0000000000821000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2716-28-0x00000000005A0000-0x00000000005A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2716-30-0x0000000000520000-0x0000000000521000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2716-32-0x0000000000540000-0x0000000000541000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2716-31-0x0000000000560000-0x0000000000561000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2716-33-0x00000000005C0000-0x00000000005C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2716-34-0x00000000005D0000-0x00000000005D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2716-35-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2716-36-0x0000000000290000-0x00000000002CA000-memory.dmp

      Filesize

      232KB

      Download

    • memory/2716-37-0x0000000000500000-0x0000000000501000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2716-38-0x0000000000510000-0x0000000000511000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2716-39-0x00000000005E0000-0x00000000005E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2716-40-0x00000000005F0000-0x00000000005F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2716-41-0x0000000000810000-0x0000000000811000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2716-24-0x00000000003C0000-0x00000000003C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2716-22-0x0000000000400000-0x00000000004E4000-memory.dmp

      Filesize

      912KB

      Download

    • memory/2716-44-0x0000000000400000-0x00000000004E4000-memory.dmp

      Filesize

      912KB

      Download

    • memory/2716-45-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2716-49-0x0000000000400000-0x00000000004E4000-memory.dmp

      Filesize

      912KB

      Download