94db636bc0a64d4b16943ec11acf771b81191aa1658d0fadc5a9521c83888b2f

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11-07-2024 23:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
Size

197KB
MD5

3b3c148e76f2ea4133474a9fd67e1ba7
SHA1

9599413b1b8dab8b8213667ec4094423ca5497c2
SHA256

94db636bc0a64d4b16943ec11acf771b81191aa1658d0fadc5a9521c83888b2f
SHA512

2ba2d5f40a8b074ff20ac3a46667d6359023f9e47c63f904dd81a7cf64c608da856a2cd0537398015da54b0a94f815bce00fa4d11d7278e8cebf08314436808c
SSDEEP

6144:IK7h8AipVrCZwT3vtvKl6uu1aKX7YnQktTjLG:FhfWm2vtvKQuJKsnQktXLG

Score

8^/10

vmprotect

Malware Config

Signatures

Drops file in Drivers directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\cmdide.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\hidir.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\DRIVERS\ndiscap.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\Drivers\secdrv.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\synth3dvsc.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DRIVERS\netbt.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\hidbth.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\IPMIDrv.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\megasas.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\arc.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\terminpt.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\agp440.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\hcw85cir.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\intelide.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\ipnat.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\wd.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\DRIVERS\b57nd60a.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\Drivers\NDProxy.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\tcpipreg.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\MSKSSRV.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\rdpvideominiport.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\usbprint.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\DRIVERS\lltdio.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\amdide.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\nv_agp.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\pciide.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\pcmcia.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\stexstor.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\MSTEE.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\VMBusHID.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\adpahci.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\Drivers\Beep.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\CmBatt.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\compbatt.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\kbdhid.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\MSPQM.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\rdpencdd.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\volmgrx.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\DRIVERS\rspndr.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\DRIVERS\ipfltdrv.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\lsi_fc.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\sfloppy.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\tdpipe.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\vmbus.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\wacompen.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\usbcir.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\Wdf01000.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\Drivers\BrUsbMdm.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\flpydisk.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\DRIVERS\ndisuio.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\ohci1394.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\sermouse.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\uliagpkx.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\vwifibus.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\evbda.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\MegaSR.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\parport.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\qwavedrv.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\vms3cap.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\rdvgkmd.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\adpu320.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\iaStorV.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\sbp2port.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\DRIVERS\pacer.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/348-0-0x0000000000400000-0x0000000000459000-memory.dmp	vmprotect
behavioral1/memory/348-1-0x0000000000400000-0x0000000000459000-memory.dmp	vmprotect
behavioral1/memory/348-4-0x0000000000400000-0x0000000000459000-memory.dmp	vmprotect

C:\Users\Admin\AppData\Local\Temp\3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
PID:348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/348-0-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/348-1-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/348-4-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads