a39109147044e7f471a2fcda1b671c47cb09ebb17d1d5ed45f6d10408d36b8ca

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
16-08-2024 22:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a022aafe52981c2b67d8db72b0654bb0_JaffaCakes118.exe
Size

785KB
MD5

a022aafe52981c2b67d8db72b0654bb0
SHA1

7356ecf3eedc1475d1af1f8977acf6c7350b4c98
SHA256

a39109147044e7f471a2fcda1b671c47cb09ebb17d1d5ed45f6d10408d36b8ca
SHA512

c60658a84629eac8277c50a389f8488e81fb33d54c9a11d3fe22287550ca651b28afdd2f6d6e592e4e72ca0bc09d936a9fe751de3a35bef81cfc68dda761d931
SSDEEP

24576:GHpIxgcKpNlK8snnub9YGv/nx41x4OXcUfw:5/GlKLGv/nx41GONY

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	a022aafe52981c2b67d8db72b0654bb0_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a022aafe52981c2b67d8db72b0654bb0_JaffaCakes118.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	a022aafe52981c2b67d8db72b0654bb0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	a022aafe52981c2b67d8db72b0654bb0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	a022aafe52981c2b67d8db72b0654bb0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\a022aafe52981c2b67d8db72b0654bb0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a022aafe52981c2b67d8db72b0654bb0_JaffaCakes118.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\WinServices.dll

Filesize
42B

MD5
cc0058212ffd86c236f23af62bac585f

SHA1
84191b978b3b0a32f51578b6264a168cdab902ee

SHA256
6ca14c37e2daba37330c37f4ca215adf583c82eb694a7c1cb9f894c119684519

SHA512
8207acebde42bf0ad89f81f29d3edefc7080c764e306612b270b49b1ead6d2951d893421d689b2c85d308f0e7a35bd74eac4c37cebbe7b975ec4d6b661fad403

Download Submit
memory/332-37-0x0000000002F10000-0x0000000002F11000-memory.dmp

Filesize
4KB

Download
memory/332-135-0x0000000003F80000-0x0000000003F81000-memory.dmp

Filesize
4KB

Download
memory/332-134-0x0000000003F60000-0x0000000003F61000-memory.dmp

Filesize
4KB

Download
memory/332-133-0x0000000003F40000-0x0000000003F41000-memory.dmp

Filesize
4KB

Download
memory/332-132-0x0000000003F20000-0x0000000003F21000-memory.dmp

Filesize
4KB

Download
memory/332-131-0x0000000003F00000-0x0000000003F01000-memory.dmp

Filesize
4KB

Download
memory/332-130-0x00000000002F0000-0x0000000000320000-memory.dmp

Filesize
192KB

Download
memory/332-129-0x0000000003290000-0x0000000003291000-memory.dmp

Filesize
4KB

Download
memory/332-128-0x0000000003F90000-0x0000000003F91000-memory.dmp

Filesize
4KB

Download
memory/332-127-0x0000000003FA0000-0x0000000003FA1000-memory.dmp

Filesize
4KB

Download
memory/332-126-0x0000000003F70000-0x0000000003F71000-memory.dmp

Filesize
4KB

Download
memory/332-125-0x0000000003F50000-0x0000000003F51000-memory.dmp

Filesize
4KB

Download
memory/332-124-0x0000000003F30000-0x0000000003F31000-memory.dmp

Filesize
4KB

Download
memory/332-123-0x0000000003F10000-0x0000000003F11000-memory.dmp

Filesize
4KB

Download
memory/332-122-0x0000000003EF0000-0x0000000003EF1000-memory.dmp

Filesize
4KB

Download
memory/332-121-0x0000000003ED0000-0x0000000003ED1000-memory.dmp

Filesize
4KB

Download
memory/332-120-0x0000000003EE0000-0x0000000003EE1000-memory.dmp

Filesize
4KB

Download
memory/332-119-0x0000000003EB0000-0x0000000003EB1000-memory.dmp

Filesize
4KB

Download
memory/332-118-0x0000000003EC0000-0x0000000003EC1000-memory.dmp

Filesize
4KB

Download
memory/332-117-0x0000000003E90000-0x0000000003E91000-memory.dmp

Filesize
4KB

Download
memory/332-116-0x0000000003EA0000-0x0000000003EA1000-memory.dmp

Filesize
4KB

Download
memory/332-115-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/332-114-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/332-113-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/332-112-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/332-111-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/332-110-0x0000000003390000-0x0000000003391000-memory.dmp

Filesize
4KB

Download
memory/332-109-0x0000000003360000-0x0000000003361000-memory.dmp

Filesize
4KB

Download
memory/332-108-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/332-107-0x0000000003340000-0x0000000003341000-memory.dmp

Filesize
4KB

Download
memory/332-106-0x0000000003350000-0x0000000003351000-memory.dmp

Filesize
4KB

Download
memory/332-105-0x0000000003320000-0x0000000003321000-memory.dmp

Filesize
4KB

Download
memory/332-104-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/332-139-0x0000000003FC0000-0x0000000003FC1000-memory.dmp

Filesize
4KB

Download
memory/332-137-0x0000000003FD0000-0x0000000003FD1000-memory.dmp

Filesize
4KB

Download
memory/332-103-0x0000000003300000-0x0000000003301000-memory.dmp

Filesize
4KB

Download
memory/332-102-0x0000000003310000-0x0000000003311000-memory.dmp

Filesize
4KB

Download
memory/332-101-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/332-100-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/332-99-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/332-98-0x00000000032D0000-0x00000000032D1000-memory.dmp

Filesize
4KB

Download
memory/332-96-0x00000000032A0000-0x00000000032A1000-memory.dmp

Filesize
4KB

Download
memory/332-95-0x00000000032B0000-0x00000000032B1000-memory.dmp

Filesize
4KB

Download
memory/332-94-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/332-90-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/332-51-0x0000000003260000-0x0000000003261000-memory.dmp

Filesize
4KB

Download
memory/332-50-0x0000000003270000-0x0000000003271000-memory.dmp

Filesize
4KB

Download
memory/332-49-0x0000000003240000-0x0000000003241000-memory.dmp

Filesize
4KB

Download
memory/332-48-0x0000000003250000-0x0000000003251000-memory.dmp

Filesize
4KB

Download
memory/332-47-0x0000000003230000-0x0000000003231000-memory.dmp

Filesize
4KB

Download
memory/332-46-0x0000000003220000-0x0000000003221000-memory.dmp

Filesize
4KB

Download
memory/332-45-0x00000000030C0000-0x00000000030C1000-memory.dmp

Filesize
4KB

Download
memory/332-44-0x00000000030D0000-0x00000000030D1000-memory.dmp

Filesize
4KB

Download
memory/332-43-0x00000000030A0000-0x00000000030A1000-memory.dmp

Filesize
4KB

Download
memory/332-42-0x00000000030B0000-0x00000000030B1000-memory.dmp

Filesize
4KB

Download
memory/332-41-0x0000000003080000-0x0000000003081000-memory.dmp

Filesize
4KB

Download
memory/332-40-0x0000000003090000-0x0000000003091000-memory.dmp

Filesize
4KB

Download
memory/332-39-0x0000000003060000-0x0000000003061000-memory.dmp

Filesize
4KB

Download
memory/332-38-0x0000000003070000-0x0000000003071000-memory.dmp

Filesize
4KB

Download
memory/332-36-0x0000000002EF0000-0x0000000002EF1000-memory.dmp

Filesize
4KB

Download
memory/332-35-0x0000000002ED0000-0x0000000002ED1000-memory.dmp

Filesize
4KB

Download
memory/332-34-0x0000000002290000-0x0000000002291000-memory.dmp

Filesize
4KB

Download
memory/332-33-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/332-32-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/332-31-0x0000000002F00000-0x0000000002F01000-memory.dmp

Filesize
4KB

Download
memory/332-30-0x0000000002EE0000-0x0000000002EE1000-memory.dmp

Filesize
4KB

Download
memory/332-29-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/332-28-0x0000000000A50000-0x0000000000A51000-memory.dmp

Filesize
4KB

Download
memory/332-27-0x0000000000A30000-0x0000000000A31000-memory.dmp

Filesize
4KB

Download
memory/332-26-0x0000000000A40000-0x0000000000A41000-memory.dmp

Filesize
4KB

Download
memory/332-25-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download
memory/332-24-0x0000000000A20000-0x0000000000A21000-memory.dmp

Filesize
4KB

Download
memory/332-23-0x00000000007F0000-0x00000000007F1000-memory.dmp

Filesize
4KB

Download
memory/332-22-0x0000000000800000-0x0000000000801000-memory.dmp

Filesize
4KB

Download
memory/332-21-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/332-20-0x00000000007E0000-0x00000000007E1000-memory.dmp

Filesize
4KB

Download
memory/332-19-0x00000000007B0000-0x00000000007B1000-memory.dmp

Filesize
4KB

Download
memory/332-18-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/332-17-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/332-16-0x00000000007A0000-0x00000000007A1000-memory.dmp

Filesize
4KB

Download
memory/332-15-0x0000000000770000-0x0000000000771000-memory.dmp

Filesize
4KB

Download
memory/332-14-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/332-13-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/332-12-0x0000000000760000-0x0000000000761000-memory.dmp

Filesize
4KB

Download
memory/332-11-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/332-10-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/332-9-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/332-8-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/332-7-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/332-6-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/332-5-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/332-4-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/332-3-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/332-2-0x0000000000250000-0x0000000000252000-memory.dmp

Filesize
8KB

Download
memory/332-1-0x00000000002F0000-0x0000000000320000-memory.dmp

Filesize
192KB

Download
memory/332-0-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/332-148-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/332-152-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/332-155-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/332-159-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/332-166-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/332-169-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/332-173-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/332-176-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/332-180-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/332-183-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads