Overview

overview

7

Static

static

7

8270f12903...18.exe

windows7-x64

7

8270f12903...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/08/2024, 01:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8270f1290364e34f73222119f409bd27_JaffaCakes118.exe

  • Size

    307KB

  • MD5

    8270f1290364e34f73222119f409bd27

  • SHA1

    d14bd7f6851ddae3dca28d17a9587ef45b90bb64

  • SHA256

    07b65eef18a123c9afd377c4ed19d79176b3952959d181b5cb97ed7a58dd2c3f

  • SHA512

    6a640a7f4b321c92c3ba1b4299034cfadccb724255b3676f84e0c343d7354103f3d66fbc6400ff15763824d6a280bb8822f6217a44a329bc565e543c363f5b4d

  • SSDEEP

    6144:HNKIK84tmzVZMrRhZf4thqJNoEbpaPKW8wpowTZm:a84tmzgrlMhq/oEbpGfCwTZm

Score
7/10
bootkitdiscoverypersistenceupx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in Program Files directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies system certificate store 2 TTPs 3 IoCs
    evasionspywaretrojan

Processes

  • C:\Users\Admin\AppData\Local\Temp\8270f1290364e34f73222119f409bd27_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8270f1290364e34f73222119f409bd27_JaffaCakes118.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies system certificate store
    PID:760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/760-0-0x0000000000400000-0x00000000004B7000-memory.dmp

    Filesize

    732KB

    Download

  • memory/760-11-0x0000000000400000-0x00000000004B7000-memory.dmp

    Filesize

    732KB

    Download

  • memory/760-16-0x0000000000400000-0x00000000004B7000-memory.dmp

    Filesize

    732KB

    Download

  • memory/760-17-0x0000000000400000-0x00000000004B7000-memory.dmp

    Filesize

    732KB

    Download