Analysis Overview
SHA256
88408e5254a63b19552d2b61b0f97ee41f03769bdd65a5168f6b37464214bd42
Threat Level: Likely malicious
The file 057d5457220867a868f1cbc95dfad748_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
Writes to the Master Boot Record (MBR)
Program crash
Unsigned PE
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-20 11:15
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-20 11:15
Reported
2024-06-20 11:18
Platform
win7-20240611-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\057d5457220867a868f1cbc95dfad748_JaffaCakes118.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\057d5457220867a868f1cbc95dfad748_JaffaCakes118.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" | C:\Users\Admin\AppData\Local\Temp\057d5457220867a868f1cbc95dfad748_JaffaCakes118.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.key | C:\Users\Admin\AppData\Local\Temp\057d5457220867a868f1cbc95dfad748_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ | C:\Users\Admin\AppData\Local\Temp\057d5457220867a868f1cbc95dfad748_JaffaCakes118.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\057d5457220867a868f1cbc95dfad748_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\057d5457220867a868f1cbc95dfad748_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\057d5457220867a868f1cbc95dfad748_JaffaCakes118.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-20 11:15
Reported
2024-06-20 11:18
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
53s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\057d5457220867a868f1cbc95dfad748_JaffaCakes118.exe |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.key | C:\Users\Admin\AppData\Local\Temp\057d5457220867a868f1cbc95dfad748_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ | C:\Users\Admin\AppData\Local\Temp\057d5457220867a868f1cbc95dfad748_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" | C:\Users\Admin\AppData\Local\Temp\057d5457220867a868f1cbc95dfad748_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\057d5457220867a868f1cbc95dfad748_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\057d5457220867a868f1cbc95dfad748_JaffaCakes118.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3184 -ip 3184
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 472
Network
Files