Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-05-2024 07:15

General

  • Target

    74b544a2dba07ac124285e2ff8a330e5_JaffaCakes118.exe

  • Size

    107KB

  • MD5

    74b544a2dba07ac124285e2ff8a330e5

  • SHA1

    e687f1b15e3b180f44aeaa804a7476b32b765317

  • SHA256

    224aaa33d14e22344ace695ae30f54f6fa866d96995e5c655f2a0baa9ff04703

  • SHA512

    d5442314ed655b0a4ce3891b6559bc7ff37db8d26c5c98778538ab7999cff953c195bb080d9dd4f39356ad624120b1d98a75ff081d4393f8d027f64900fb7dcf

  • SSDEEP

    1536:nDdP8cdnG3eQ8GAaUKtwIxDHB4qWrkkdXpr3GtZO/1tIrre4PV3taDC:nDdkcJGUAB78kk/jN1tIrre4d3Y

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Unexpected DNS network traffic destination 6 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\74b544a2dba07ac124285e2ff8a330e5_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\74b544a2dba07ac124285e2ff8a330e5_JaffaCakes118.exe"
    1⤵
    • Drops startup file
    • Writes to the Master Boot Record (MBR)
    PID:1204

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads