Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15-06-2024 08:37
Static task: static1
Behavioral task: behavioral1
- Sample: ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
- Resource: win10v2004-20240508-en
General
- Target: ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
- Size: 723KB
- MD5: ad9282dd301bc1b501cef13d2cccf978
- SHA1: a8d0d4bbcbdc75c19d6a1e20dc8da095e7c4d068
- SHA256: b0ef0bc0e93d431b8aea8ddcd5a0e4601ed2b40f6637bc335ce46c517a2714d9
- SHA512: 34bdcb9e7d6a6f82d4d7a5060a9c748d5318bae402bc26da762c89ba20ca6ba4b9177e1f756b247cb5cdc0828c2e1cae8883de4d1e13a7ea9ada0fa4ef098b72
- SSDEEP: 12288:3t9v5UZIvX41qVb0xxOSDjld1FBRXjIjbRS8UT1:3t9O4wm0xxOOr7R58UB
Malware Config
Signatures
- Enumerates connected drives (3 TTPs, 21 IoCs)
  Attempts to read the root path of hard drives other than the default C: drive.
  Processes:
  - Process: ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
    - description: File opened (read-only)
    - ioc (21 entries): \??\s:, \??\x:, \??\l:, \??\m:, \??\q:, \??\n:, \??\v:, \??\z:, \??\g:, \??\h:, \??\j:, \??\o:, \??\t:, \??\u:, \??\w:, \??\e:, \??\i:, \??\k:, \??\p:, \??\r:, \??\y:
- Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  Processes:
  - Process: ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
    - description: File opened for modification
    - ioc: \??\PhysicalDrive0
Processes
- C:\Users\Admin\AppData\Local\Temp\ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ad9282dd301bc1b501cef13d2cccf978_JaffaCakes118.exe"
  - Enumerates connected drives
  - Writes to the Master Boot Record (MBR)
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3468,i,6166776566165096562,4582328833313060853,262144 --variations-seed-version --mojo-platform-channel-handle=4204 /prefetch:8
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- memory/3436-0-0x0000000000400000-0x00000000004B9000-memory.dmp (Filesize: 740KB)