Analysis

  • max time kernel
    133s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-06-2024 06:14

General

  • Target

    93d67381660a2a62ae5e7f64b10e140d_JaffaCakes118.exe

  • Size

    4.3MB

  • MD5

    93d67381660a2a62ae5e7f64b10e140d

  • SHA1

    18141a47754073ddab934a71b038014f7cf12683

  • SHA256

    3af5e9704b9a9991e84ada28b550c35233c2b210f792b21de4dcf44baf05cb25

  • SHA512

    df6679e38fad539549bcafd1b7d8c95ca034d6c4e208c5c89d39f4a0e6e5f1ea8a4e020ec61b6a82ddfa3dac3f149f55be5a46269785aa6332a21fa6d4b090b3

  • SSDEEP

    98304:aqSh5zRZwYeMMIV3PsU6Z8y6TaOphYLYSHinQpUt/YV5DyzFf:ajHYOpCm/s9y

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\93d67381660a2a62ae5e7f64b10e140d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\93d67381660a2a62ae5e7f64b10e140d_JaffaCakes118.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of AdjustPrivilegeToken
    PID:416
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 416 -s 1244
      2⤵
      • Program crash
      PID:2472
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 416 -ip 416
    1⤵
      PID:3128

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads