Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted: 08/05/2024, 23:50
Static task: static1
Behavioral task: behavioral1
Sample: 274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
Size: 495KB
MD5: 274bf08f2e0780e5a582c6bd46e73f40
SHA1: 797f0f59bce35123d8664102c20a6df84ca317c0
SHA256: 0735b5f82254cce151990dff1ef7ad973f2fbaaad7a15928948dfa417d02b097
SHA512: f557244818e497a227b806914ad706e462112fcd2306aae3eca36ee270389873051f5c5e4d2cdc56590987362fb5ffd8dba6f51fe6a1ec7d64d908ff7706955b
SSDEEP: 12288:/7QGFbRTQwtcKT1/MqvCr5w4pJNtmHeU3zeICBEuOxJG:jtcKT1/+r/m+UjeA3xJG
Malware Config
Signatures
Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
description                ioc      Process
File opened (read-only)    \??\z:   274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
File opened (read-only)    \??\g:   274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
File opened (read-only)    \??\h:   274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
File opened (read-only)    \??\j:   274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
File opened (read-only)    \??\p:   274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
File opened (read-only)    \??\x:   274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
File opened (read-only)    \??\y:   274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
File opened (read-only)    \??\m:   274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
File opened (read-only)    \??\n:   274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
File opened (read-only)    \??\r:   274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
File opened (read-only)    \??\s:   274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
File opened (read-only)    \??\v:   274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
File opened (read-only)    \??\i:   274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
File opened (read-only)    \??\u:   274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
File opened (read-only)    \??\t:   274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
File opened (read-only)    \??\w:   274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
File opened (read-only)    \??\e:   274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
File opened (read-only)    \??\k:   274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
File opened (read-only)    \??\l:   274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
File opened (read-only)    \??\o:   274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
File opened (read-only)    \??\q:   274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe
Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
Bootkits write to the MBR to gain persistence at a level below the operating system.
description                     ioc                   Process
File opened for modification    \??\PhysicalDrive0    274bf08f2e0780e5a582c6bd46e73f40_JaffaCakes118.exe