General

Target: b2cf95a23a65114fe6c359a98bd3d9dc_JaffaCakes118
Size: 11.8MB
Sample: 240616-lj9maascjm
MD5: b2cf95a23a65114fe6c359a98bd3d9dc
SHA1: 6e0398d35925711325ec0ab7e85a6a2dfd3703d4
SHA256: 45219bb6bc2c659cb4368a8d70cecce4405f727b88bd4d6cfa93bb4bcecf67cc
SHA512: 2adfac81cdc8beac08c4b60c93c0e44b6dcf8cfaa912271291b5873f605adc1f7425f37d99652a9e36546544a4d34ee32aa3207bf83a56109f82404a3264af79
SSDEEP: 196608:qdkzxtklvvgnLRHDzDlstn19nDFrRi7RVR4ML7LnSk7APicAbnCIsuYRL6E06:deHU1D0RiNVuMekiicaCkY9T
Tasks

Static task: static1

Behavioral tasks (task, sample, resource):
behavioral1    b2cf95a23a65114fe6c359a98bd3d9dc_JaffaCakes118.exe    win7-20240221-en
behavioral2    b2cf95a23a65114fe6c359a98bd3d9dc_JaffaCakes118.exe    win10v2004-20240611-en
behavioral3    $PLUGINSDIR/K8NsisMiniExtend.dll    win7-20240221-en
behavioral4    $PLUGINSDIR/K8NsisMiniExtend.dll    win10v2004-20240611-en
behavioral5    $PLUGINSDIR/System.dll    win7-20240611-en
behavioral6    $PLUGINSDIR/System.dll    win10v2004-20240611-en
behavioral7    K8Browser.exe    win7-20240611-en
behavioral8    K8Browser.exe    win10v2004-20240508-en
behavioral9    K8BugReport.exe    win7-20240220-en
behavioral10   K8BugReport.exe    win10v2004-20240611-en
behavioral11   K8Common.dll    win7-20240508-en
behavioral12   K8Common.dll    win10v2004-20240611-en
behavioral13   K8DLPlatform.exe    win7-20240611-en
behavioral14   K8DLPlatform.exe    win10v2004-20240508-en
behavioral15   K8DLUtils.dll    win7-20240508-en
behavioral16   K8DLUtils.dll    win10v2004-20240508-en
behavioral17   K8Flash.exe    win7-20240508-en
behavioral18   K8Flash.exe    win10v2004-20240611-en
behavioral19   K8GM.exe    win7-20240221-en
behavioral20   K8GM.exe    win10v2004-20240508-en
behavioral21   K8UIRender.dll    win7-20240508-en
behavioral22   K8UIRender.dll    win10v2004-20240611-en
behavioral23   K8Update.exe    win7-20240611-en
behavioral24   K8Update.exe    win10v2004-20240611-en
behavioral25   K8UrlEncrypt.dll    win7-20231129-en
behavioral26   K8UrlEncrypt.dll    win10v2004-20240611-en
behavioral27   K8Version.dll    win7-20240508-en
behavioral28   K8Version.dll    win10v2004-20240508-en
behavioral29   K8Web.exe    win7-20240611-en
behavioral30   K8Web.exe    win10v2004-20240508-en
behavioral31   Uninstall.exe    win7-20240221-en
Malware Config

Targets

Target: b2cf95a23a65114fe6c359a98bd3d9dc_JaffaCakes118
Size: 11.8MB
MD5: b2cf95a23a65114fe6c359a98bd3d9dc
SHA1: 6e0398d35925711325ec0ab7e85a6a2dfd3703d4
SHA256: 45219bb6bc2c659cb4368a8d70cecce4405f727b88bd4d6cfa93bb4bcecf67cc
SHA512: 2adfac81cdc8beac08c4b60c93c0e44b6dcf8cfaa912271291b5873f605adc1f7425f37d99652a9e36546544a4d34ee32aa3207bf83a56109f82404a3264af79
SSDEEP: 196608:qdkzxtklvvgnLRHDzDlstn19nDFrRi7RVR4ML7LnSk7APicAbnCIsuYRL6E06:deHU1D0RiNVuMekiicaCkY9T
Score: 8/10
Signatures:
- Modifies Windows Firewall
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Registers COM server for autorun
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: $PLUGINSDIR/K8NsisMiniExtend.dll
Size: 1.1MB
MD5: 4f06490fa958809bebe23f3ac9e65b9d
SHA1: fa9a0dd8befe4bca210f7d9d2dfae13a7288f574
SHA256: 81f626ca246a626ff3eee65766ba68272e61b616fc73ab434f7095efe6a81948
SHA512: d6695ddf9f91a82025989a61c01e1c4de1a42228887d6081bb6891edcd8b77dec665464bfc813118fbaf31aa01a25620a905fa6b9c9e188cee7f9e00765e03fa
SSDEEP: 24576:1bU2OgV349O8vzz6ro9+Y9DCjsOG4c3TjC7J1E:yj9s23TO7J1E
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: 75ed96254fbf894e42058062b4b4f0d1
SHA1: 996503f1383b49021eb3427bc28d13b5bbd11977
SHA256: a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7
SHA512: 58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4
SSDEEP: 192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV
Score: 3/10

Target: K8Browser.exe
Size: 1.1MB
MD5: 29995bc4d82683db3648557329e51d5b
SHA1: 4c7fc59bf7de887c138ecb9e38eff9c32d2ca8d4
SHA256: 0710121a5ddd4383cb9a770aba53636418ca26f9dc7006dd8cfc53a73910347a
SHA512: 95d032c04d9dfa69f65daf3c669e5f7e82783f3762d54ebb306c60370e424eca5dfa73478e56abfeb6e215df1ea5ab6b56adcb1f71a2b7501227d890040333c6
SSDEEP: 12288:v1p1Tkhm90N4BJRILg6NZJBJw5oGe9HJlfzIhyH7T878SDHS:vL1Tk09lekIZJBJeESh4o7THS
Score: 6/10
Signatures:
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: K8BugReport.exe
Size: 136KB
MD5: 603440f387936985edaa64cc8cf38d70
SHA1: 2fa21b96a26a76d8037a439101807bc19fe8983c
SHA256: 8a9949b936f91f5d02ca6677eae6864cb28eca621a41ff0f3d38dbf25116eca4
SHA512: 069d93bbfa734cdbd3089976dd0dde19b202970629c18aab1092f70e86ce9d45432260c96b810e37a8b3dfae37239c3683855d3935cab661074ed00c105731ed
SSDEEP: 1536:MjL+DdsW95d01huQaureRM2M44rBOaOUvI+n37tUCdxYTCCE0aod8fk0PgDT:psW95g1PCRMmIBOaZIK37tU62fofkg4
Score: 1/10

Target: K8Common.dll
Size: 3.2MB
MD5: 8fc25e0b99bb3d925ae711f6c7bea740
SHA1: d73bbf2cc735a583aa27d4cf12d915ca4b87878a
SHA256: 5460584aeeae8045ec78d727401042b01d968cd579cfe972a93661dec66d527c
SHA512: 4dbf293cd79339bd921ee7cc6ab4f0c023437da2594bf5feb877c10bc3711c51f6c7bdcaf327916f8bee456a7da949b107bf73526edee96dbc3091737338529d
SSDEEP: 49152:3dQiASjgvO3nxfDltU7KU+VUq5aTZdsXo3T:td2O3NZtvm
Score: 3/10

Target: K8DLPlatform.exe
Size: 1.9MB
MD5: 9b70c3e4168654c1670e3b06a82b1c5d
SHA1: 4a48d7a84af53547f53a25af970f311f7a8b00a8
SHA256: 29225c2af35241c3bc81aff8e933ee36e9730abd82626696c9294f33321d5de3
SHA512: 6632ed5ce35819ca47f098e952458f6f2b3812da29f3bd1ce3f280f80be1438622db12756423690419350de5571f88d1b8989c1cfa87324808682227e08c7221
SSDEEP: 49152:hRsPokol6XqQKlh8JjW5B/Rm7DuUA16ZCZ6MA2Q6wWHSx:h+7DI5QtWu
Score: 1/10

Target: K8DLUtils.dll
Size: 836KB
MD5: e5f2c90221dfbd05895506e27e1a06c6
SHA1: 7a11f8c81fa1e60b9d7b3fda178322eabc2385dc
SHA256: 8725b0148ba726d1c09bcabb34aace733b50aa42bb270832a9dda05a1cf9e41d
SHA512: 47e7866f2d387d3f1d2e0e6ef3e9c2dc5af965119dca5fea449d7a1adc9f5784359624b3d2fac5d70b735481c05da7c3cc4ed43f08d98fe1407041d8de0492a7
SSDEEP: 12288:6OJhBZBlNWzeqJD2byGdCMh8XryLJ/mQL6kS9bSy:6OJ3ZBlNWzeqobrwM9Lxb6kS9my
Score: 3/10

Target: K8Flash.exe
Size: 852KB
MD5: 22e8aa32cf188494cc10eac6649fd6be
SHA1: 20da399f93576e2d2e8d68175e277bc184606b81
SHA256: 89a6d4ac2dd90a44bb9c6e8e4127e8ed94deec7786c63ea187f6f1c6c8e7ea21
SHA512: b4667722a43d29538d4f175448f96fdabca76972710f55c1dbeffba090bec6849695ad3ae0f332de3a937e60c2581b31cdc1bc2d4737c26317361252cab36ffa
SSDEEP: 12288:p1uTeu302Q5w+EP8WuT8hlpuXaD1MODT6mOmE7GWDMXeLAYb6:p1uTeu302Q2+EP9r1MODOCXeUYb6
Score: 6/10
Signatures:
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.

Target: K8GM.exe
Size: 6.4MB
MD5: 649de09108eb34a85c47a15888301bc1
SHA1: 324185622501cee300d09433ef9eef4a24edc2c7
SHA256: fc31aae50b7a11f924581510f457b20a2ddb0c53b182e2936fefa7d0209bd847
SHA512: 89603ad349d6ec1d0a16080142fed3b211b3aac1417bcf98c44f419d0cc90613150e5b4cf02b00af24098a4b484286e87aa940c808d2e8b45528be529b97cde9
SSDEEP: 98304:O2lrOritJbOBxdSWRZG+OHDvVP/dQhxrTAJ22Yvq:O2lrPtgxdSUg+OHDdHdyxnVvi
Score: 6/10
Signatures:
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: K8UIRender.dll
Size: 1.1MB
MD5: fb39336e039ddbebca99f9062dfcb882
SHA1: b33f78e62e75338163367ccf9b1af172d7e8dd39
SHA256: c60c3658f676c8607e16d279af943cf7a858ede2d1c1f91cd04a9401c6120a00
SHA512: 8e5781a7da3e67de3bcadf31f3f007dfa8e47a3caf80ede98f34a77808cef6acb2f377df2056ac6b9a85e9413f6a162e0df6e8c110c90e796d12556f0b3f1f84
SSDEEP: 24576:2/TugCqjXmcjeIToIwG9dtldeNCHOw0eCCyjap8pf:Yvbea3thmeCFHd
Score: 3/10

Target: K8Update.exe
Size: 352KB
MD5: 0a29343747b537a8a6e2091e1d8b6552
SHA1: a7b79a823b64c39ce91ad8a978a21dd6f4fd2205
SHA256: 5aaec9dfc1d0cb79b035ccdfa07989c3949bd601cf2ee2c96c50172b7436eef1
SHA512: f89b4a9a97c82e87b99fece4ce81f45eab2544bbbb5d35191e468512f30d27fb5541363d7f43225f28c645f8d85ca397783d562532b3fac7d64b6219571a965c
SSDEEP: 6144:iIXU2XB+RNDwGtlkYuu3eHqr9rsOQPEKqlRlNtRR:zXU2XeUG4YsHA7LR
Score: 6/10
Signatures:
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: K8UrlEncrypt.dll
Size: 38KB
MD5: c2d7b02b0efd893f70a194629a6d701d
SHA1: 428135cb98b5f1c065aacdbb03923286bd8dae5e
SHA256: 4fc899e006ba4c2d474c4a97778a42a154bf90ef187f5afe245f1d6021dce6d1
SHA512: 64c656fd6f9f62441919e46779449652333dcee9a72e5a0427ac982b351be55628ba01f82c3512e3c61ff99c0cf4ccfc5ff2e7eb3645019de57d914972d52664
SSDEEP: 384:qBYcaN0PtDfaXQAo3liSgsRjP+zfb5j56qCViOM5OArZ69rEZsaMiBT6VMK6jrik:qm6b3job5IqGmOAIKFRDKgQuIhW
Score: 3/10

Target: K8Version.dll
Size: 24KB
MD5: ca008ee047d2a1ae71a2fa1acad3d663
SHA1: 06c497d5746db3166070a026cd88948af414836c
SHA256: 5bf35c652a5f1faf9ae50347f480a8e35e28d3ad8fe929a8a692861174bbb64c
SHA512: 797d31d63948b53a4088671f5c67f0e6e8d21dd45fe0aa3590924cc9bd20c4f84cb333fe0e5f2e67148854cda204235a142479ead973c9c28254273954427b5d
SSDEEP: 384:p28rx6BS5Mdrq69Nqw5eAAfiBT6RMK6jGiBT6RjQPnhH2X:3rQBke7PoMzKgvCjshH2X
Score: 3/10

Target: K8Web.exe
Size: 156KB
MD5: 4019455b0cf699f6a9393bca7a0c1dc0
SHA1: d3a3d83dc6b07f4a49f6c2c81dab581baf639120
SHA256: a1307e89ee17cc334391b4ba59a235c579a968f7f506c5b4992c75baf91e7064
SHA512: 89e13addd93ec8e3c37cbf2c521d72289d071d9a6e059f7ce248af0a1a4fddf8b6f68411270550c7c98f6e1e4d3fa1f602eb6d6411624891dc227030f19c6ec6
SSDEEP: 3072:jIr4BKNrihzDWy6LmG/GKotQKBwtHK+OCL0MeO:jIr4sRYzyy6oQkYOCALO
Score: 1/10

Target: Uninstall.exe
Size: 1007KB
MD5: 7ab82c3050cd78c529cf3789ba4d0c8a
SHA1: 3d904497a84840340bc91125965fec5991fe9bb5
SHA256: 8cfaa49262e62d8474d5e21a5b206394189c601e776d37503d5b57e9af65b5a4
SHA512: 07289579aab37eee49e2ac2081dbfefefe94e3262d5497b25ac49f942d7798d8d067cb19ac0365c43a68e043ae33cf6e85b77aea9440826b76b8ebbca50d95db
SSDEEP: 24576:Jov35e2VBbPkyexsVUCr30PbYFjvVcbE6QSutPKVI6aZHrNa:GJpVBzkyS00PbqjqctLZHrNa
MITRE ATT&CK Enterprise v15

(Counts in parentheses are the number of matching signatures per technique and sub-technique.)

Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Change Default File Association (1)
- Pre-OS Boot (1): Bootkit (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Change Default File Association (1)

Defense Evasion
- Impair Defenses (1): Disable or Modify System Firewall (1)
- Modify Registry (2)
- Pre-OS Boot (1): Bootkit (1)