Overview

overview

8

Static

static

3

2c77d96a9b...18.exe

windows7-x64

8

2c77d96a9b...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    08/07/2024, 13:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2c77d96a9bfc44feaf56a636854c9c6e_JaffaCakes118.exe

  • Size

    168KB

  • MD5

    2c77d96a9bfc44feaf56a636854c9c6e

  • SHA1

    3bafb9a9c40d9c7ae11b783a490ae42c833be3a0

  • SHA256

    9a38df005209e6daefe1938420e2314100814081eb2fcbefbb32eb31e730e6c1

  • SHA512

    c8f4bf2cb21f14bc616a8cdc759341c32aee591d7194e8283f34c7d05a5bba24c6e05e748604ee20729ddfbb31314c90f0731ebdc79c8896bd1fb90f5cc3508c

  • SSDEEP

    3072:zdq0eiPj6fmgbLwlR/nR9QYfOjdqFyCtpnXKn/QMtqb473H:zdq0PPj6fmsLQD9QyOjdqFyCtlXO/QMd

Score
8/10
bootkitpersistence

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Server Software Component: Terminal Services DLL 1 TTPs 1 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c77d96a9bfc44feaf56a636854c9c6e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2c77d96a9bfc44feaf56a636854c9c6e_JaffaCakes118.exe"
    1⤵
    • Drops file in Drivers directory
    • Server Software Component: Terminal Services DLL
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:600
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    1⤵
    • Deletes itself
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of SetWindowsHookEx
    PID:2100

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\t4v2QPJnDH.del
          Filesize

          86B

          MD5

          872ef36a136d5311695f0d0acd72a218

          SHA1

          351e7e67103dcbbd7d269524e1b704b8d9c44c97

          SHA256

          d554d91a72ac9d694bbe76bf0159f0d33a64ce35710cf40d7f63ce1be10be838

          SHA512

          4d4ae2810c11427e75381a4ab867853967444d2cd4f8a665d4bdf6a2187747461ddaf261941ef6d4541bf69d14993943afa9670c2be27f606dd63f514abb3cca

          Download Submit

        • \Windows\System32\drivers\etc\PbCNjpxK.dll
          Filesize

          133KB

          MD5

          9884ab54d52627ec42d96702666fa936

          SHA1

          4e6cd1048761b6d951b449fe92aabe055af1ea15

          SHA256

          39ddb5400835b75302eca27a1d60e96a144ebb40a84cb07689f58297eff2559a

          SHA512

          53d2df6f207825282f3add2045378a58447192cdf223a19fd4935687b8567f8c6720722dc0ef147247a8ed21e5b83aab66152750fff859d6d637243c6b9a5b54

          Download Submit

        • memory/600-3-0x0000000000400000-0x000000000040F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/600-8-0x0000000000400000-0x000000000040F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2100-6-0x0000000000170000-0x0000000000196000-memory.dmp

          Filesize

          152KB

          Download

        • memory/2100-9-0x0000000000170000-0x0000000000196000-memory.dmp

          Filesize

          152KB

          Download

        • memory/2100-10-0x0000000000170000-0x0000000000196000-memory.dmp

          Filesize

          152KB

          Download

        • memory/2100-13-0x0000000000170000-0x0000000000196000-memory.dmp

          Filesize

          152KB

          Download