1c83dd6b2245413a5dc4cae0ea41586eb93d454208466afb8a0e115055b91feb

Analysis

max time kernel
24s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25-07-2024 18:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
Size

132KB
MD5

70afca58aeb927d7d1ed62c7e19234f3
SHA1

397c19c3125e38ab4b4cba37207d81585b465a7d
SHA256

1c83dd6b2245413a5dc4cae0ea41586eb93d454208466afb8a0e115055b91feb
SHA512

b414a2f94b4a6690252490b63b12708343bc5556e4c3d2a46cb22929225d6bfc817c317ff0c2d1a59bbff8f201b6bfa3b667b6bfdacce807576df762a089a808
SSDEEP

3072:8+BC3K5eq0kDC2z6QVCm/8zBsLE+++GE3VvC8t:sK70kZzTIm/8ON+W3Vqc

Score

8^/10

vmprotect

Malware Config

Signatures

Drops file in Drivers directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\amdide.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\bthmodem.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\stexstor.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\vsmraid.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\vwifibus.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\aliide.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\MSTEE.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\rdpdr.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\terminpt.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\usbuhci.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\rdpencdd.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\errdev.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DRIVERS\rasacd.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DRIVERS\scfilter.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\HidBatt.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\ql2300.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\BrFiltUp.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\iaStorV.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DRIVERS\tssecsrv.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\DRIVERS\rspndr.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\Wdf01000.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\iirsp.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\lsi_sas.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\TsUsbGD.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\nfrd960.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\sfloppy.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\tsusbflt.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\DRIVERS\lltdio.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\Drivers\BrUsbSer.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\kbdhid.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\megasas.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\Drivers\NDProxy.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\dmvsc.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\storvsc.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\usbccgp.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\Drivers\Beep.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\wmiacpi.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\lsi_scsi.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\mpsdrv.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\peauth.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\amdk8.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\drmkaud.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\lsi_fc.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\DRIVERS\b57nd60a.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\evbda.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\Drivers\spldr.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\1394ohci.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\Drivers\BrSerWdm.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\sffp_mmc.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\serial.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\dxgkrnl.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\nv_agp.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\pciide.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\drivers\rdpvideominiport.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\umpass.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\acpipmi.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\cmdide.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\compbatt.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\VMBusHID.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\fdc.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\hcw85cir.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\DRIVERS\ndiscap.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\nvstor.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
File opened for modification	C:\Windows\system32\drivers\serenum.sys	70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/2928-0-0x0000000000400000-0x000000000043C000-memory.dmp	vmprotect
behavioral1/memory/2928-1-0x0000000000400000-0x000000000043C000-memory.dmp	vmprotect
behavioral1/memory/2928-4-0x0000000000400000-0x000000000043C000-memory.dmp	vmprotect

C:\Users\Admin\AppData\Local\Temp\70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\70afca58aeb927d7d1ed62c7e19234f3_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
PID:2928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2928-0-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2928-1-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2928-4-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads