Analysis Overview
SHA256
18d9788c03f98f7906c8612fac92841fb9289ff006bf0fe6b36f42c8e616f603
Threat Level: Likely malicious
The file 16db0521936097054ae735a93c60942d_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
VMProtect packed file
Drops file in System32 directory
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-27 17:24
Signatures
VMProtect packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-27 17:24
Reported
2024-06-27 17:27
Platform
win7-20240221-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Drops file in Drivers directory
VMProtect packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\16db0521936097054ae735a93c60942d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\16db0521936097054ae735a93c60942d_JaffaCakes118.exe"
Network
Files
memory/1888-0-0x0000000000400000-0x000000000052B000-memory.dmp
memory/1888-1-0x0000000000400000-0x000000000052B000-memory.dmp
memory/1888-4-0x0000000000400000-0x000000000052B000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-27 17:24
Reported
2024-06-27 17:27
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
52s
Command Line
Signatures
Drops file in Drivers directory
VMProtect packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\urschipidea.sys | C:\Users\Admin\AppData\Local\Temp\16db0521936097054ae735a93c60942d_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\urssynopsys.sys | C:\Users\Admin\AppData\Local\Temp\16db0521936097054ae735a93c60942d_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\vrd.sys | C:\Users\Admin\AppData\Local\Temp\16db0521936097054ae735a93c60942d_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_53931f0ae21d6d2c\genericusbfn.sys | C:\Users\Admin\AppData\Local\Temp\16db0521936097054ae735a93c60942d_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\UEFI.sys | C:\Users\Admin\AppData\Local\Temp\16db0521936097054ae735a93c60942d_JaffaCakes118.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_1c78775fffab6a0a\UfxChipidea.sys | C:\Users\Admin\AppData\Local\Temp\16db0521936097054ae735a93c60942d_JaffaCakes118.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\16db0521936097054ae735a93c60942d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\16db0521936097054ae735a93c60942d_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/3256-0-0x0000000000400000-0x000000000052B000-memory.dmp
memory/3256-1-0x0000000000400000-0x000000000052B000-memory.dmp
memory/3256-2-0x0000000000400000-0x000000000052B000-memory.dmp