Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 15-06-2024 08:37
Static task: static1
Behavioral task: behavioral1
Sample: ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
Size: 723KB
MD5: ad9282dd301bc1b501cef13d2cccf978
SHA1: a8d0d4bbcbdc75c19d6a1e20dc8da095e7c4d068
SHA256: b0ef0bc0e93d431b8aea8ddcd5a0e4601ed2b40f6637bc335ce46c517a2714d9
SHA512: 34bdcb9e7d6a6f82d4d7a5060a9c748d5318bae402bc26da762c89ba20ca6ba4b9177e1f756b247cb5cdc0828c2e1cae8883de4d1e13a7ea9ada0fa4ef098b72
SSDEEP: 12288:3t9v5UZIvX41qVb0xxOSDjld1FBRXjIjbRS8UT1:3t9O4wm0xxOOr7R58UB
Malware Config
Signatures
Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
description | ioc | process
File opened (read-only) | \??\q: | ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
File opened (read-only) | \??\w: | ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
File opened (read-only) | \??\k: | ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
File opened (read-only) | \??\m: | ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
File opened (read-only) | \??\n: | ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
File opened (read-only) | \??\x: | ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
File opened (read-only) | \??\e: | ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
File opened (read-only) | \??\g: | ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
File opened (read-only) | \??\l: | ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
File opened (read-only) | \??\r: | ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
File opened (read-only) | \??\s: | ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
File opened (read-only) | \??\t: | ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
File opened (read-only) | \??\u: | ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
File opened (read-only) | \??\v: | ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
File opened (read-only) | \??\h: | ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
File opened (read-only) | \??\j: | ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
File opened (read-only) | \??\z: | ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
File opened (read-only) | \??\p: | ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
File opened (read-only) | \??\y: | ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
File opened (read-only) | \??\i: | ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
File opened (read-only) | \??\o: | ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
description | ioc | process
File opened for modification | \??\PhysicalDrive0 | ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
memory/2436-0-0x0000000000400000-0x00000000004B9000-memory.dmp
Filesize: 740KB