Analysis Overview
SHA256
1e29fc8ac062a107c7a052b187db87daf694da22c0501aa35f8addcf0275065f
Threat Level: Shows suspicious behavior
The file a21f55dbec59074b29dc700fc59afa5a_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Writes to the Master Boot Record (MBR)
Modifies registry class
Analysis: static1
Detonation Overview
Reported
2024-06-12 20:04
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 20:04
Reported
2024-06-12 20:07
Platform
win10v2004-20240508-en
Max time kernel
146s
Max time network
152s
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\a21f55dbec59074b29dc700fc59afa5a_JaffaCakes118.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99} | C:\Users\Admin\AppData\Local\Temp\a21f55dbec59074b29dc700fc59afa5a_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99}\ProcID = "{28C4E584-B1E4-123C-3030-303133067200}" | C:\Users\Admin\AppData\Local\Temp\a21f55dbec59074b29dc700fc59afa5a_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a21f55dbec59074b29dc700fc59afa5a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a21f55dbec59074b29dc700fc59afa5a_JaffaCakes118.exe"
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 20:04
Reported
2024-06-12 20:07
Platform
win7-20240611-en
Max time kernel
118s
Max time network
119s
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\a21f55dbec59074b29dc700fc59afa5a_JaffaCakes118.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99} | C:\Users\Admin\AppData\Local\Temp\a21f55dbec59074b29dc700fc59afa5a_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99}\ProcID = "{248D269C-24EC-123C-3030-30313306D700}" | C:\Users\Admin\AppData\Local\Temp\a21f55dbec59074b29dc700fc59afa5a_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a21f55dbec59074b29dc700fc59afa5a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a21f55dbec59074b29dc700fc59afa5a_JaffaCakes118.exe"