Analysis
-
max time kernel
143s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
08/05/2024, 23:49
Static task
static1
Behavioral task
behavioral1
Sample
274ba4b9503555799de29cfecf1af7d2_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
274ba4b9503555799de29cfecf1af7d2_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
274ba4b9503555799de29cfecf1af7d2_JaffaCakes118.exe
-
Size
7.6MB
-
MD5
274ba4b9503555799de29cfecf1af7d2
-
SHA1
5c6bf712f3548fb7e1210ef0b8b6b5ac81d7b2f4
-
SHA256
19a0812492b8775875dc06ad0e277cce7eded213c703d28603b8879a4b502d66
-
SHA512
24abcf03f6ae08d66c75bb8a142a13778ddccc37b90c24bc444f70fa46fff24c63cae0b2d0734d88d94e697ef27bf03e99fb9d278a2b0a4c1af270a9638fc17c
-
SSDEEP
98304:54jGpZMZgotGO5cseyuzvB0ZbScijRvry8:5SOMLnScIb
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
description: Set value (str)
ioc: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Flash Player Local 32-64bit = "C:\\Users\\Admin\\AppData\\Local\\Temp\\274ba4b9503555799de29cfecf1af7d2_JaffaCakes118.exe"
Process: 274ba4b9503555799de29cfecf1af7d2_JaffaCakes118.exe
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description: File opened for modification
ioc: \??\PhysicalDrive0
Process: 274ba4b9503555799de29cfecf1af7d2_JaffaCakes118.exe
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process
5116 274ba4b9503555799de29cfecf1af7d2_JaffaCakes118.exe
5116 274ba4b9503555799de29cfecf1af7d2_JaffaCakes118.exe
-
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process
5116 274ba4b9503555799de29cfecf1af7d2_JaffaCakes118.exe
5116 274ba4b9503555799de29cfecf1af7d2_JaffaCakes118.exe
5116 274ba4b9503555799de29cfecf1af7d2_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\274ba4b9503555799de29cfecf1af7d2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\274ba4b9503555799de29cfecf1af7d2_JaffaCakes118.exe"
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5116