Analysis Overview
SHA256
c2627e9d8a5d7f339ae4cc2ae042d32043a07d999f5e826c54628a4cfdc193b3
Threat Level: Shows suspicious behavior
The file 064d2880d2c86793057053a75b36508e_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Writes to the Master Boot Record (MBR)
Unsigned PE
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-20 13:12
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-20 13:12
Reported
2024-06-20 13:15
Platform
win7-20240508-en
Max time kernel
122s
Max time network
122s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\064d2880d2c86793057053a75b36508e_JaffaCakes118.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.key | C:\Users\Admin\AppData\Local\Temp\064d2880d2c86793057053a75b36508e_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ | C:\Users\Admin\AppData\Local\Temp\064d2880d2c86793057053a75b36508e_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" | C:\Users\Admin\AppData\Local\Temp\064d2880d2c86793057053a75b36508e_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\064d2880d2c86793057053a75b36508e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\064d2880d2c86793057053a75b36508e_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.flash_player20.kit.net | udp |
| BR | 201.7.182.206:80 | www.flash_player20.kit.net | tcp |
| BR | 201.7.182.206:80 | www.flash_player20.kit.net | tcp |
| US | 8.8.8.8:53 | moduloprincipal.110mb.com | udp |
Files
memory/1284-1-0x00000000002F0000-0x0000000000320000-memory.dmp
memory/1284-0-0x0000000000400000-0x000000000042B000-memory.dmp
memory/1284-2-0x0000000000450000-0x0000000000452000-memory.dmp
memory/1284-15-0x0000000001F10000-0x0000000001F11000-memory.dmp
memory/1284-14-0x0000000001F20000-0x0000000001F21000-memory.dmp
memory/1284-13-0x0000000001F30000-0x0000000001F31000-memory.dmp
memory/1284-12-0x0000000001F40000-0x0000000001F41000-memory.dmp
memory/1284-11-0x0000000001EF0000-0x0000000001EF1000-memory.dmp
memory/1284-10-0x0000000001F00000-0x0000000001F01000-memory.dmp
memory/1284-9-0x0000000001E90000-0x0000000001E91000-memory.dmp
memory/1284-8-0x0000000001EA0000-0x0000000001EA1000-memory.dmp
memory/1284-7-0x0000000001ED0000-0x0000000001ED1000-memory.dmp
memory/1284-6-0x0000000001EE0000-0x0000000001EE1000-memory.dmp
memory/1284-5-0x0000000001E70000-0x0000000001E71000-memory.dmp
memory/1284-4-0x0000000001E80000-0x0000000001E81000-memory.dmp
memory/1284-3-0x0000000000440000-0x0000000000441000-memory.dmp
memory/1284-16-0x0000000000400000-0x000000000042B000-memory.dmp
memory/1284-17-0x00000000002F0000-0x0000000000320000-memory.dmp
memory/1284-21-0x0000000000400000-0x000000000042B000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-20 13:12
Reported
2024-06-20 13:15
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
52s
Command Line
Signatures
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.key | C:\Users\Admin\AppData\Local\Temp\064d2880d2c86793057053a75b36508e_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ | C:\Users\Admin\AppData\Local\Temp\064d2880d2c86793057053a75b36508e_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" | C:\Users\Admin\AppData\Local\Temp\064d2880d2c86793057053a75b36508e_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\064d2880d2c86793057053a75b36508e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\064d2880d2c86793057053a75b36508e_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.flash_player20.kit.net | udp |
| US | 8.8.8.8:53 | www.flash_player20.kit.net | udp |
| US | 8.8.8.8:53 | moduloprincipal.110mb.com | udp |
Files
memory/3744-0-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3744-1-0x0000000002080000-0x00000000020B0000-memory.dmp
memory/3744-2-0x00000000005C0000-0x00000000005C2000-memory.dmp
memory/3744-13-0x0000000002360000-0x0000000002361000-memory.dmp
memory/3744-15-0x0000000002340000-0x0000000002341000-memory.dmp
memory/3744-14-0x0000000002350000-0x0000000002351000-memory.dmp
memory/3744-12-0x0000000002370000-0x0000000002371000-memory.dmp
memory/3744-11-0x0000000002320000-0x0000000002321000-memory.dmp
memory/3744-10-0x0000000002330000-0x0000000002331000-memory.dmp
memory/3744-9-0x00000000022B0000-0x00000000022B1000-memory.dmp
memory/3744-8-0x00000000022C0000-0x00000000022C1000-memory.dmp
memory/3744-7-0x0000000002300000-0x0000000002301000-memory.dmp
memory/3744-6-0x0000000002310000-0x0000000002311000-memory.dmp
memory/3744-5-0x0000000002290000-0x0000000002291000-memory.dmp
memory/3744-4-0x00000000022A0000-0x00000000022A1000-memory.dmp
memory/3744-3-0x00000000005B0000-0x00000000005B1000-memory.dmp
memory/3744-16-0x0000000000400000-0x000000000042B000-memory.dmp
memory/3744-17-0x0000000002080000-0x00000000020B0000-memory.dmp
memory/3744-19-0x0000000000400000-0x000000000042B000-memory.dmp