Analysis
-
max time kernel
138s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
20-06-2024 13:27
Static task
static1
Behavioral task
behavioral1
Sample
0669a0fca784e0b59cfd0502d9dddf79_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0669a0fca784e0b59cfd0502d9dddf79_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
-
Target
0669a0fca784e0b59cfd0502d9dddf79_JaffaCakes118.exe
-
Size
24KB
-
MD5
0669a0fca784e0b59cfd0502d9dddf79
-
SHA1
4178a4681c152a46b5361d15ab30de0528ef8387
-
SHA256
28f2f1283c4194bb1f34b9a863af311f122dfe60a36dd8a329820af7f4d6693b
-
SHA512
9aa25879d05f43bc990b5d107b38eebe5f3611a7a3fed5c67bd7e2774af867f093a034c7eb632b0db896d231991a2bb6d90f96a4d192ebc0c86b95cc25ddf01a
-
SSDEEP
384:0GMY/VUGAL1wmPzZkReCgteenvb1B3Z4F:mY9UzpwmPi4Cg5JZZ4
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description ioc Process File opened for modification \??\PhysicalDrive0 0669a0fca784e0b59cfd0502d9dddf79_JaffaCakes118.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AF604EFE-8897-11D1-B944-00A0C90312E1}\InProcServer32\ 0669a0fca784e0b59cfd0502d9dddf79_JaffaCakes118.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 4592 0669a0fca784e0b59cfd0502d9dddf79_JaffaCakes118.exe