b515ac31407012348fad9c8908cc701bf643298156f47edd055c2dd27aa0cfcf

Analysis

max time kernel
121s
max time network
140s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24-06-2024 13:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08ad367cdb71dff0ad8a44b417b77fe7_JaffaCakes118.exe
Size

684KB
MD5

08ad367cdb71dff0ad8a44b417b77fe7
SHA1

7b00d2c4fbce796f4b616543a7bf1b1d41cebd05
SHA256

b515ac31407012348fad9c8908cc701bf643298156f47edd055c2dd27aa0cfcf
SHA512

049ab70a484190edcf8009b62a104785098ac6528f953993debc90c7b68d9dbae60f10ea080ddb8f60b79437c904c78bc2570d3ebaf330888dfef07a76763fa6
SSDEEP

12288:9FBA+i/FxAVmjeS5Kb62RDAvl/evB5yRtxD85Z9xUKTr5IRwIiKsD:97oJeS5Kb62R67RtBG9xTr55D

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	08ad367cdb71dff0ad8a44b417b77fe7_JaffaCakes118.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	08ad367cdb71dff0ad8a44b417b77fe7_JaffaCakes118.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	08ad367cdb71dff0ad8a44b417b77fe7_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	08ad367cdb71dff0ad8a44b417b77fe7_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2040	08ad367cdb71dff0ad8a44b417b77fe7_JaffaCakes118.exe
2040	08ad367cdb71dff0ad8a44b417b77fe7_JaffaCakes118.exe
2040	08ad367cdb71dff0ad8a44b417b77fe7_JaffaCakes118.exe
2040	08ad367cdb71dff0ad8a44b417b77fe7_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\08ad367cdb71dff0ad8a44b417b77fe7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\08ad367cdb71dff0ad8a44b417b77fe7_JaffaCakes118.exe"
1⤵
- Checks BIOS information in registry
- Writes to the Master Boot Record (MBR)
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:2040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads