Analysis

  • max time kernel
    142s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-06-2024 15:50

General

  • Target

    9eb51e1e61836355b2f58940d17df047_JaffaCakes118.exe

  • Size

    14.9MB

  • MD5

    9eb51e1e61836355b2f58940d17df047

  • SHA1

    3e71699001b79c1632e1390750182d5432efe5f7

  • SHA256

    7130b2d0fa07e86d96edde99e4df456f37196109df17edcb8e7aa6ac9e4a2e55

  • SHA512

    4c9233baf4f08338017a3089f80fe052ee9337b1c8c77e16ee60719e1cf6e0df679723f74ed76875ab354ca5f4ba51cb1a10197b9e4c8760f5d598dea509692b

  • SSDEEP

    393216:eAYgZByNnyOaW7pzuZNt1bCu+0R5JGghg8vHx:eApZFOb7pzuZ1bCmfHhdvHx

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 13 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

Processes

  • C:\Users\Admin\AppData\Local\Temp\9eb51e1e61836355b2f58940d17df047_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\9eb51e1e61836355b2f58940d17df047_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    PID:908

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\atl71.dll

    Filesize

    87KB

    MD5

    79cb6457c81ada9eb7f2087ce799aaa7

    SHA1

    322ddde439d9254182f5945be8d97e9d897561ae

    SHA256

    a68e1297fae2bcf854b47ffa444f490353028de1fa2ca713b6cf6cc5aa22b88a

    SHA512

    eca4b91109d105b2ce8c40710b8e3309c4cc944194843b7930e06daf3d1df6ae85c1b7063036c7e5cd10276e5e5535b33e49930adbad88166228316283d011b8

  • C:\Users\Admin\AppData\Local\Temp\showinstalltmp259405576\showinstall\UI\InstallUI.xar

    Filesize

    65KB

    MD5

    62fb02388c9bb8f54c2f0272db276a46

    SHA1

    006dea94310452b8ab90217755b483210dc1cca2

    SHA256

    8b1ab8bdf16c7e2c4cbda04e4e97d05d434a2894e1bad7053250a641aa5986ab

    SHA512

    d9b5cb4874658bacc5e250f2e270420931ead6b73c5d4ed5c7b050e3689fd6c1b2a03df642576c301697df1100eac3a2a33f8bca9628bc725aee43de929fa8c0

  • \Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\XLFSIO.dll

    Filesize

    210KB

    MD5

    7c4946b29a25b8d2a56be42142382db8

    SHA1

    d2179ac6649bebdd958b15962624a862973ec317

    SHA256

    904acdc9e58fb025b1b6ccbedcaa60cc84a80f4e6f1f181f265f8de847803ea0

    SHA512

    7309aa2ad0691301f76f5142f58bcd81dafdc3966892955bdb940aa19cf5126e8a454835196f847700753d0a57198967119046681710eedf5e30361ee88128ad

  • \Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\XLGraphic.dll

    Filesize

    714KB

    MD5

    f41e24ab7d848a4bfeb07df0da745880

    SHA1

    fe7fb1d231de3337bec1bdbf375b2f84c501d2e6

    SHA256

    a95a2b2fdedb4c5fd47dccc1b5538d266038b00671a613550525202e54713712

    SHA512

    bda1e38da9974786d234a869c136a9ca4f2a1a76677bacf60a65a9bdc964b7eb374ef10b60b35c57067d2fc145ae7b46d836e026b57d08cfbfbac465874d8cbe

  • \Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\XLGraphicPlus.dll

    Filesize

    206KB

    MD5

    6be5f83d76c67d05cd5385b9262298f0

    SHA1

    23ffc30390eee9942afa03299c3d4895e0e10c82

    SHA256

    54aa0c55fbcdf7c36a52a34335dac26ea202dd5a2be175714b7363fe47515d3d

    SHA512

    03e628df8439baa067a7a82dcc9bbc8a61d93318fe3755a7f081f906491d1ea4d8a182ef896791a609a134c8c98ff0e695b56f2cbb6b2d728f05e0edfaab2571

  • \Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\XLLuaRuntime.dll

    Filesize

    242KB

    MD5

    03b3732a1965b1f0e83a58166358dd9b

    SHA1

    252a7611c87e0e8c67accdfe8232ce806b9e263f

    SHA256

    b4bcbf707e03c8d9b5861dd5085abafab9d1ba7d73c6785be13374dd0110b7c3

    SHA512

    90e2808a260e7a41bc7d2bee282b7ff1cc013dfb1c3a3359f43c6b1b40fbbfc76e665c654b5decfd1b6ec2830fed2f414feab039703386187c07ef9d7b720a9b

  • \Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\XLTS.dll

    Filesize

    102KB

    MD5

    352d0efe67c8f46bcf763cd403d4145f

    SHA1

    47da3c79f46609551342bfc31b9f2b905e7e51f1

    SHA256

    defc745864ea79b9d356e4c7c1c18a18b8325a55bec7dd0eb64eb548e7ac1513

    SHA512

    39728835484a69ccf955dbadf7415f9713b1078d3c15f568d739201406dfbd0b1d49418cf64c1a70c42166239f5f6cda2f61c14c12c2bd52633de57aa52403c7

  • \Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\XLUE.dll

    Filesize

    1.8MB

    MD5

    ea3d7f310483fac453013f200bcc1aa2

    SHA1

    a959f901ea74643fae6f5aa09c3f7072b653f17b

    SHA256

    868a5e7f4f94c677ea781ccf335c6b95fa360dfdaee9e9bb74bad46b39f8bdbc

    SHA512

    606d5266fcd525b3720d6d36b74ade6d8abe36ed7263984198f9454915b56044272e524c441cccea9472e45edab72af6d4fcae53fb0a008f72e66894f3b00402

  • \Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\installUI.dll

    Filesize

    246KB

    MD5

    851199151b791faf430b93a7cede2ddb

    SHA1

    0d65eca7e4a08821eba43fb3de5c3165abd1564e

    SHA256

    a79d318b27e8657c638d11ad77a56f64b21c8c857c52de00cb564d662bfddfd5

    SHA512

    5c1c5ef108fe4e0e86aa8cf3999eaaffa9a3102b8c5c8e9f54f48041941610c090d1d389245d963a0a2f951200403b59fbea1552a149952bbbff531a5f701e52

  • \Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\libexpat.dll

    Filesize

    140KB

    MD5

    e1b5d8a30d71675b6b98b74641c4dbbf

    SHA1

    2e1799003065534334f84d8f5b23d883a97e4999

    SHA256

    2810a1e3eb3bb8ff1e64fc34dd9485ffeda6a8e0b510f2879c65afa5a0ed0381

    SHA512

    9eca414b9e27ca15d063a3ab260d2bf680bc20e62c09f25ac1aea73cbcdde90910e59cf22ffeddec6a8f9f4a42df722e6cc6d894898ec37a4801223ba4c0cffe

  • \Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\libpng13.dll

    Filesize

    224KB

    MD5

    1e1e34be543669a185f52a8589e84e86

    SHA1

    a1b8d8cb3e32b6c662a05da4129e8fda02c54008

    SHA256

    cba3b634236d173993e541f789b666d972a5437fecf04fb94036f48fff79611e

    SHA512

    01dacd238c443bd2e11030d201819b98068b5cccdb0f1acf96582d7538d3a36a5e4087fdbf20d6b41782a854569bdaf67470cc3bb8fb9e663a3089b7307e5f36

  • \Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\msvcp71.dll

    Filesize

    492KB

    MD5

    a94dc60a90efd7a35c36d971e3ee7470

    SHA1

    f936f612bc779e4ba067f77514b68c329180a380

    SHA256

    6c483cbe349863c7dcf6f8cb7334e7d28c299e7d5aa063297ea2f62352f6bdd9

    SHA512

    ff6c41d56337cac074582002d60cbc57263a31480c67ee8999bc02fc473b331eefed93ee938718d297877cf48471c7512741b4aebc0636afc78991cdf6eddfab

  • \Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\msvcr71.dll

    Filesize

    340KB

    MD5

    ca2f560921b7b8be1cf555a5a18d54c3

    SHA1

    432dbcf54b6f1142058b413a9d52668a2bde011d

    SHA256

    c4d4339df314a27ff75a38967b7569d9962337b8d4cd4b0db3aba5ff72b2bfbb

    SHA512

    23e0bdd9458a5a8e0f9bbcb7f6ce4f87fcc9e47c1ee15f964c17ff9fe8d0f82dd3a0f90263daaf1ee87fad4a238aa0ee92a16b3e2c67f47c84d575768edba43e

  • \Users\Admin\AppData\Local\Temp\showinstalltmp259405576\installui\zlib1.dll

    Filesize

    105KB

    MD5

    8ac275b39f47cd375de5c582af7bc5df

    SHA1

    c8aa95fa7236925312c2f11e5051c23bdc6affd0

    SHA256

    92b4e943a1cd10dda4f171ec767c37158ad3792c723802aad391e4e6c58057b4

    SHA512

    9ce42bc878f4277552824f3f952244bf31ce7d915680c8ec4d6edb19774da56787f5669f7472bf4e6ffa6458e6f19023b2d25029421bd02aff2cf171f513ab7d

  • memory/908-116-0x0000000000240000-0x0000000000340000-memory.dmp

    Filesize

    1024KB

  • memory/908-80-0x0000000003340000-0x00000000033F9000-memory.dmp

    Filesize

    740KB

  • memory/908-94-0x0000000003400000-0x00000000035D6000-memory.dmp

    Filesize

    1.8MB

  • memory/908-104-0x0000000003610000-0x0000000003642000-memory.dmp

    Filesize

    200KB

  • memory/908-90-0x00000000030E0000-0x000000000311B000-memory.dmp

    Filesize

    236KB

  • memory/908-112-0x0000000000240000-0x0000000000340000-memory.dmp

    Filesize

    1024KB

  • memory/908-113-0x0000000000240000-0x0000000000340000-memory.dmp

    Filesize

    1024KB

  • memory/908-84-0x00000000030A0000-0x00000000030D9000-memory.dmp

    Filesize

    228KB

  • memory/908-119-0x0000000002AC0000-0x0000000002AD8000-memory.dmp

    Filesize

    96KB

  • memory/908-126-0x0000000000240000-0x0000000000340000-memory.dmp

    Filesize

    1024KB

  • memory/908-125-0x0000000000240000-0x0000000000340000-memory.dmp

    Filesize

    1024KB

  • memory/908-100-0x00000000035E0000-0x0000000003604000-memory.dmp

    Filesize

    144KB

  • memory/908-139-0x0000000000240000-0x0000000000340000-memory.dmp

    Filesize

    1024KB

  • memory/908-138-0x0000000000240000-0x0000000000340000-memory.dmp

    Filesize

    1024KB

  • memory/908-137-0x0000000000240000-0x0000000000340000-memory.dmp

    Filesize

    1024KB

  • memory/908-136-0x0000000000240000-0x0000000000340000-memory.dmp

    Filesize

    1024KB

  • memory/908-135-0x0000000000240000-0x0000000000340000-memory.dmp

    Filesize

    1024KB

  • memory/908-151-0x0000000000240000-0x0000000000340000-memory.dmp

    Filesize

    1024KB

  • memory/908-72-0x0000000002C20000-0x0000000002C53000-memory.dmp

    Filesize

    204KB

  • memory/908-622-0x0000000062E80000-0x0000000062EA2000-memory.dmp

    Filesize

    136KB

  • memory/908-623-0x0000000000240000-0x0000000000340000-memory.dmp

    Filesize

    1024KB

  • memory/908-624-0x0000000000240000-0x0000000000340000-memory.dmp

    Filesize

    1024KB

  • memory/908-626-0x0000000000240000-0x0000000000340000-memory.dmp

    Filesize

    1024KB