Analysis
max time kernel: 147s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11-06-2024 15:50
Static task: static1
Behavioral task: behavioral1
Sample: 9eb51e1e61836355b2f58940d17df047_JaffaCakes118.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 9eb51e1e61836355b2f58940d17df047_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 9eb51e1e61836355b2f58940d17df047_JaffaCakes118.exe
Size: 14.9MB
MD5: 9eb51e1e61836355b2f58940d17df047
SHA1: 3e71699001b79c1632e1390750182d5432efe5f7
SHA256: 7130b2d0fa07e86d96edde99e4df456f37196109df17edcb8e7aa6ac9e4a2e55
SHA512: 4c9233baf4f08338017a3089f80fe052ee9337b1c8c77e16ee60719e1cf6e0df679723f74ed76875ab354ca5f4ba51cb1a10197b9e4c8760f5d598dea509692b
SSDEEP: 393216:eAYgZByNnyOaW7pzuZNt1bCu+0R5JGghg8vHx:eApZFOb7pzuZ1bCmfHhdvHx
Malware Config
Signatures
Loads dropped DLL (25 IoCs)
Processes:
pid: 672
process: 9eb51e1e61836355b2f58940d17df047_JaffaCakes118.exe
(the same pid/process entry is repeated for each IoC)
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
description: File opened for modification
ioc: \??\PhysicalDrive0
process: 9eb51e1e61836355b2f58940d17df047_JaffaCakes118.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads