Analysis
-
max time kernel
0s -
max time network
0s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
12-07-2024 11:49
Static task
static1
Behavioral task
behavioral1
Sample
3d41463345af62fa5e71fa88df98f75f_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3d41463345af62fa5e71fa88df98f75f_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
3d41463345af62fa5e71fa88df98f75f_JaffaCakes118.exe
-
Size
139KB
-
MD5
3d41463345af62fa5e71fa88df98f75f
-
SHA1
bc083204d9de64af2d5f4da7e00247b06ec4b722
-
SHA256
962fbc19ebfc798ac0768fb8c2eb4b2e4822d2dfa717520625e576ed877f5acb
-
SHA512
e3dd4e6750827d6a2ae04f9269cde41fa2910d428038c745284e1b554fb00a1b2b8f781dc7ae9e2896aa606c1ae9b6f115ecd2aa320fb572e209c107d529cc4c
-
SSDEEP
3072:ASB6fMiCOQibXjFyZ25m8LF0yLvLiR0fuT4:VsfM34Xjoam8LF0sji0uT
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description ioc Process File opened for modification \??\physicaldrive0 3d41463345af62fa5e71fa88df98f75f_JaffaCakes118.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 3012 3d41463345af62fa5e71fa88df98f75f_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeShutdownPrivilege 3012 3d41463345af62fa5e71fa88df98f75f_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\3d41463345af62fa5e71fa88df98f75f_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\3d41463345af62fa5e71fa88df98f75f_JaffaCakes118.exe"1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
PID:3012