Analysis
-
max time kernel
132s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
28/06/2024, 13:16
General
-
Target
1a42a7fc079eab742f029e594198979b_JaffaCakes118.exe
-
Size
20KB
-
MD5
1a42a7fc079eab742f029e594198979b
-
SHA1
9bfd19754499254c0a9a5cca215e69e424158f46
-
SHA256
83f5e7fc9ee7215765caf55f0e06f0008d1b6b3f3cdd8cc835ff21f6d5301861
-
SHA512
5545ba6100c4bfced43f3243310422164ab2e34d8ffa97e3c3cf2be07a8254ef3441865bd8c99c803a1581d58dd022031eec6028eaa9c81716a9daa6e6b18d80
-
SSDEEP
384:sjZneXcuZB44REff/gfne1xc2gjIklWaUmo83fekWxgsHXLkauyyIyeI:P/ZBnREffoa5kwaUAPekWys3myi
Score
6/10
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a42a7fc079eab742f029e594198979b_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\1a42a7fc079eab742f029e594198979b_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 2402⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2740 -ip 27401⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
36KB
-
Filesize
672KB