2f49803816e2ecfc6fedae550f419d292ce39e2a9530f28a4d187ea4cfd361c7

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 07:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
Size

161KB
MD5

44e4471cf202060cfdf697253119d5d9
SHA1

96417ad5385964e4f01e2a3e2c65b36c7f8593f0
SHA256

2f49803816e2ecfc6fedae550f419d292ce39e2a9530f28a4d187ea4cfd361c7
SHA512

83b2f020913cfbbce9376553f698fbff50bcd5e836cd818cef9dc5c87d41298bc0a224d852ac259c3c9577a4e45cf9ec1a6c2d57cb37bfb996852df76a3d5615
SSDEEP

3072:Q+BC3K5eqmhd+1OIKvxeeTl+V01w4NqfMSonoPZPFrqGws/iVudcs:4K7u1IPegG1Lq0SaGXrxlfW

Score

8^/10

vmprotect

Malware Config

Signatures

Drops file in Drivers directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\adpu320.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\evbda.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\isapnp.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\nfrd960.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\Drivers\Null.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\synth3dvsc.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\TsUsbGD.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\acpipmi.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\dmvsc.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\pcmcia.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\wd.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\adpahci.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\modem.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\hidir.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\parport.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\ql2300.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\usbcir.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\HpSAMD.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\MegaSR.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\uliagpkx.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\Drivers\BrUsbMdm.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\MSPCLOCK.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\storvsc.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\viaide.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\arcsas.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\mpsdrv.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\DRIVERS\nwifi.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\sermouse.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\mpio.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\Drivers\BrUsbSer.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\hidbth.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\iirsp.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\msiscsi.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\MTConfig.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\nv_agp.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\appid.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\Drivers\Brserid.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\flpydisk.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\gagp30kx.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\MSPQM.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\DRIVERS\ndisuio.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\bxvbda.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\Drivers\RDPWD.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\stexstor.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\terminpt.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\vsmraid.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\amdide.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\wmiacpi.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\amdsata.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\irenum.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\qwavedrv.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\adp94xx.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\ipnat.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\tdpipe.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\usbohci.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\rdvgkmd.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\iaStorV.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\lsi_sas2.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\DRIVERS\wanarp.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\DRIVERS\ipfltdrv.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\cmdide.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\hcw85cir.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\rdpdr.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\discache.sys	44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/3012-0-0x0000000000400000-0x000000000044D000-memory.dmp	vmprotect
behavioral1/memory/3012-2-0x0000000000400000-0x000000000044D000-memory.dmp	vmprotect
behavioral1/memory/3012-5-0x0000000000400000-0x000000000044D000-memory.dmp	vmprotect

C:\Users\Admin\AppData\Local\Temp\44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\44e4471cf202060cfdf697253119d5d9_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3012-0-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/3012-2-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/3012-5-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads