c88258da586f9e3daf2e617de63709b5d0befb693604245755a93fe8e1f3fc03

General

Target

94eaeefaa74cd4f5c514e8fc597ec178_JaffaCakes118.exe
Size

156KB
MD5

94eaeefaa74cd4f5c514e8fc597ec178
SHA1

04e1583b4a45fe8a46e9650f9df57e9604500097
SHA256

c88258da586f9e3daf2e617de63709b5d0befb693604245755a93fe8e1f3fc03
SHA512

fe44f6b630b02e6ec36d5f9a84b48473964f19c6ed7b127efe1089d0eb92eef258c2896342e05bb6dac5e0a4524bf0a3f1ae406e8e949cde9300a13886fc327b
SSDEEP

3072:md18UaFPmgRMNlPTGQQm6ytwZEsrYkK4JhnhM71wof:S298gWNlPTGQQm6agrdJhnhMxw4

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1720	tmp.exe

Loads dropped DLL 2 IoCs

pid	Process
2192	94eaeefaa74cd4f5c514e8fc597ec178_JaffaCakes118.exe
2192	94eaeefaa74cd4f5c514e8fc597ec178_JaffaCakes118.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	94eaeefaa74cd4f5c514e8fc597ec178_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	94eaeefaa74cd4f5c514e8fc597ec178_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2192	94eaeefaa74cd4f5c514e8fc597ec178_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 1720	2192	94eaeefaa74cd4f5c514e8fc597ec178_JaffaCakes118.exe	30
PID 2192 wrote to memory of 1720	2192	94eaeefaa74cd4f5c514e8fc597ec178_JaffaCakes118.exe	30
PID 2192 wrote to memory of 1720	2192	94eaeefaa74cd4f5c514e8fc597ec178_JaffaCakes118.exe	30
PID 2192 wrote to memory of 1720	2192	94eaeefaa74cd4f5c514e8fc597ec178_JaffaCakes118.exe	30

C:\Users\Admin\AppData\Local\Temp\94eaeefaa74cd4f5c514e8fc597ec178_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\94eaeefaa74cd4f5c514e8fc597ec178_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Users\Admin\AppData\Local\Temp\tmp.exe
  C:\Users\Admin\AppData\Local\Temp\tmp.exe
  2⤵
  - Executes dropped EXE
  PID:1720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

1

T1542

Bootkit

1

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

1

T1542

Bootkit

1

T1542.003

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\tmp.exe

Filesize
6KB

MD5
dc1c160ddf0af52ad3615df1a20d8b2f

SHA1
da106660d58824155088aa02241da0faa1e3da8f

SHA256
8020a6442b78c1a8a5659efa28b6b9b7d91c7a158193536cbae98c5905e44372

SHA512
78f46229f41be15f68972f90f150048a5ebe6ed0fb24c9daca9b1ccdc026498dc0890ce6657a3e13571c7b47552acd532c1e88cbcf833e8f3ceb6047e4b8b82e

Download Submit
memory/2192-21-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/2192-26-0x0000000002650000-0x0000000002651000-memory.dmp

Filesize
4KB

Download
memory/2192-12-0x0000000000490000-0x0000000000493000-memory.dmp

Filesize
12KB

Download
memory/2192-10-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2192-9-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2192-8-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2192-7-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/2192-6-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/2192-5-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/2192-4-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2192-3-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2192-2-0x0000000000430000-0x0000000000431000-memory.dmp

Filesize
4KB

Download
memory/2192-11-0x0000000000450000-0x0000000000451000-memory.dmp

Filesize
4KB

Download
memory/2192-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2192-14-0x0000000000480000-0x0000000000482000-memory.dmp

Filesize
8KB

Download
memory/2192-20-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/2192-28-0x00000000026B0000-0x00000000026B1000-memory.dmp

Filesize
4KB

Download
memory/2192-17-0x0000000000460000-0x0000000000461000-memory.dmp

Filesize
4KB

Download
memory/2192-16-0x00000000004E0000-0x00000000004E1000-memory.dmp

Filesize
4KB

Download
memory/2192-27-0x00000000026C0000-0x00000000026C1000-memory.dmp

Filesize
4KB

Download
memory/2192-19-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/2192-29-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/2192-18-0x0000000000470000-0x0000000000471000-memory.dmp

Filesize
4KB

Download
memory/2192-25-0x0000000002660000-0x0000000002661000-memory.dmp

Filesize
4KB

Download
memory/2192-24-0x0000000002630000-0x0000000002631000-memory.dmp

Filesize
4KB

Download
memory/2192-23-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download
memory/2192-30-0x0000000002710000-0x0000000002711000-memory.dmp

Filesize
4KB

Download
memory/2192-1-0x00000000003B0000-0x00000000003F3000-memory.dmp

Filesize
268KB

Download
memory/2192-39-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2192-40-0x00000000003B0000-0x00000000003F3000-memory.dmp

Filesize
268KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads