94db636bc0a64d4b16943ec11acf771b81191aa1658d0fadc5a9521c83888b2f

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11-07-2024 23:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
Size

197KB
MD5

3b3c148e76f2ea4133474a9fd67e1ba7
SHA1

9599413b1b8dab8b8213667ec4094423ca5497c2
SHA256

94db636bc0a64d4b16943ec11acf771b81191aa1658d0fadc5a9521c83888b2f
SHA512

2ba2d5f40a8b074ff20ac3a46667d6359023f9e47c63f904dd81a7cf64c608da856a2cd0537398015da54b0a94f815bce00fa4d11d7278e8cebf08314436808c
SSDEEP

6144:IK7h8AipVrCZwT3vtvKl6uu1aKX7YnQktTjLG:FhfWm2vtvKQuJKsnQktXLG

Score

8^/10

vmprotect

Malware Config

Signatures

Drops file in Drivers directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\processr.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\rassstp.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\tsusbflt.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\vstxraid.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\percsas2i.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\megasas.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\MSTEE.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\nvraid.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\lsi_sas3i.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\hidir.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\DRIVERS\ramdisk.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DRIVERS\scfilter.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\vsmraid.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\WdmCompanionFilter.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\winverbs.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\acpitime.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\errdev.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\hidinterrupt.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\iaStorAVC.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\ibbus.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\MSKSSRV.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\vmgid.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\amdxata.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\EhStorTcgDrv.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\sdbus.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\BTHMINI.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\MSPQM.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DRIVERS\ndistapi.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\NetAdapterCx.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\usbaudio2.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\hvservice.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\lsi_sas.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\nvstor.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\SiSRaid2.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\intelide.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\HyperVideo.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\DRIVERS\ipfltdrv.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\storvsc.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\dmvsc.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\sisraid4.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\UcmUcsiAcpiClient.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\xboxgip.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\SerCx2.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\rfcomm.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\Acx01000.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\fdc.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\hidi2c.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\sbp2port.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\scmbus.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\vmbus.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\arcsas.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\bridge.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\NDKPing.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\vmgencounter.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\hidspi.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\IndirectKmd.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\lsi_sss.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\DRIVERS\nwifi.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\percsas3i.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\PktMon.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\buttonconverter.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\netvsc.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral2/memory/3248-0-0x0000000000400000-0x0000000000459000-memory.dmp	vmprotect
behavioral2/memory/3248-1-0x0000000000400000-0x0000000000459000-memory.dmp	vmprotect
behavioral2/memory/3248-2-0x0000000000400000-0x0000000000459000-memory.dmp	vmprotect

Drops file in System32 directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\urschipidea.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\urssynopsys.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\vrd.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_53931f0ae21d6d2c\genericusbfn.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\UEFI.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_1c78775fffab6a0a\UfxChipidea.sys	3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3b3c148e76f2ea4133474a9fd67e1ba7_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops file in System32 directory
PID:3248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3248-0-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3248-1-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3248-2-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads