Overview
overview
7Static
static
3b521286a52...18.exe
windows7-x64
7b521286a52...18.exe
windows10-2004-x64
7$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...se.rtf
windows7-x64
4$PLUGINSDI...se.rtf
windows10-2004-x64
1$PLUGINSDI...tn.dll
windows7-x64
3$PLUGINSDI...tn.dll
windows10-2004-x64
3$PLUGINSDI...ss.dll
windows7-x64
3$PLUGINSDI...ss.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...oc.dll
windows7-x64
3$PLUGINSDI...oc.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$_47_/Web/error.html
windows7-x64
1$_47_/Web/error.html
windows10-2004-x64
1Accelerator.dll
windows7-x64
1Accelerator.dll
windows10-2004-x64
1Basicsurvey.exe
windows7-x64
1Basicsurvey.exe
windows10-2004-x64
1BoxDoctor.exe
windows7-x64
1BoxDoctor.exe
windows10-2004-x64
1MouseHook.dll
windows7-x64
1MouseHook.dll
windows10-2004-x64
1Socks.dll
windows7-x64
1Socks.dll
windows10-2004-x64
1gamebox.exe
windows7-x64
6gamebox.exe
windows10-2004-x64
6Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
16-06-2024 20:48
Static task
static1
Behavioral task
behavioral1
Sample
b521286a522fa3051998f4d7a14bae33_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
b521286a522fa3051998f4d7a14bae33_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20240611-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/License.rtf
Resource
win7-20240220-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/License.rtf
Resource
win10v2004-20240611-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/SkinBtn.dll
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/SkinBtn.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/SkinProgress.dll
Resource
win7-20240611-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/SkinProgress.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240220-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/WndProc.dll
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/WndProc.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240611-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral19
Sample
$_47_/Web/error.html
Resource
win7-20240508-en
Behavioral task
behavioral20
Sample
$_47_/Web/error.html
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
Accelerator.dll
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
Accelerator.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
Basicsurvey.exe
Resource
win7-20240508-en
Behavioral task
behavioral24
Sample
Basicsurvey.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
BoxDoctor.exe
Resource
win7-20240611-en
Behavioral task
behavioral26
Sample
BoxDoctor.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
MouseHook.dll
Resource
win7-20240508-en
Behavioral task
behavioral28
Sample
MouseHook.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral29
Sample
Socks.dll
Resource
win7-20240220-en
Behavioral task
behavioral30
Sample
Socks.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral31
Sample
gamebox.exe
Resource
win7-20240611-en
Behavioral task
behavioral32
Sample
gamebox.exe
Resource
win10v2004-20240611-en
General
-
Target
gamebox.exe
-
Size
2.8MB
-
MD5
096b6470db9da516a4cae074c172ac98
-
SHA1
1af437bae48d5e87d68c89711b2cbf3e581fbe7a
-
SHA256
8435b0b2306f5d48cc119c7fba8501c3edad71e5f47ec27a4a2e3408e30913b3
-
SHA512
276b15aecf76109c0a6f760d3b4b070d3e0d7c8691d537bca61d7667a5c277466785c586809140e0bbb62ba2f96d7aa8ecae4588867fbb9094bb7f0c60ac9d7e
-
SSDEEP
49152:kDtu+HSgpOSpSQpbOJWWDD3t1vrhM+scRsITkWYqeXH+HZ91+FgjZCu7wK:kDE2Sgp1SmyJLt1jdsceXH+j
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
gamebox.exedescription ioc process File opened for modification \??\PhysicalDrive0 gamebox.exe -
Suspicious behavior: EnumeratesProcesses 62 IoCs
Processes:
gamebox.exepid process 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe 3896 gamebox.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
gamebox.exepid process 3896 gamebox.exe 3896 gamebox.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
87B
MD53ad4a3abfe81df3b0108713295d8dd4f
SHA187231f7137cd6ec1719d940b837a6de3e3be80e0
SHA256979ab9c301c2cfd0e42ead9e153425f487f9a9a1cfce6cd12f7660a6e61676fd
SHA5123c6d3e7648d659e87fea272c6748a82d74808e2aacffe2fd26ed988abdd470f7e4e3cc10fe0b2837166364945cd09b2c0d14f097d16e018480db9b0f8bb674d5