Analysis
-
max time kernel
149s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
17/08/2024, 05:12
General
-
Target
a1508d6acaa0907f088ba7a4dcf8746e_JaffaCakes118.exe
-
Size
386KB
-
MD5
a1508d6acaa0907f088ba7a4dcf8746e
-
SHA1
0458c6b5581e6a6ab92ea98ed2264675dce4d95c
-
SHA256
ddb430d00afb7bc830f83519c749306dbc59fb8384b181c48522629d9c408302
-
SHA512
ffe51e7d578afb7f11c1b4c66a8801a67f970f4e9cfb29f76a1e5091e6370a2a165605c8532cceb009d700da8f183c37671e2c381fcf07224143940986180d0c
-
SSDEEP
6144:IU+BcxCxy+7LFOuUK4ERbwrQcTt14nIggVrVhuhJbdZjTG8NH:lYFy+7LFH4EoPggVJwHvjq8NH
Score
8/10
Malware Config
Signatures
-
Drops file in Drivers directory 1 IoCs
-
Executes dropped EXE 4 IoCs
-
Loads dropped DLL 33 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory 20 IoCs
-
Drops file in Windows directory 13 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 41 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a1508d6acaa0907f088ba7a4dcf8746e_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\a1508d6acaa0907f088ba7a4dcf8746e_JaffaCakes118.exe"1⤵
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32\regsvr32.exe /u /s "C:\Windows\system32/70l8.dll"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32\regsvr32.exe /u /s "C:\Windows\system32/03ca.dll"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32\regsvr32.exe /u /s "C:\Windows\system32/da3r.dll"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32\regsvr32.exe /u /s "C:\Windows\system32/a3do.dll"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32\regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\330d.exeC:\Windows\system32/330d.exe -i2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\330d.exeC:\Windows\system32/330d.exe -s2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\h8nil4o8\mtv.exeC:\Users\Admin\AppData\Local\Temp\h8nil4o8\mtv.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\system32\rundll32 C:\Windows\system32/330e.dll, Always2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\330d.exeC:\Windows\SysWOW64\330d.exe1⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\system32\rundll32 C:\Windows\system32/330e.dll,Always2⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32/regsvr32.exe /s "C:\Windows\system32/a3do.dll"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
163KB
MD58193259016ed1361fed185c1618d8fe7
SHA14519743085da0d84fd73889740308102ca6a0ed6
SHA256ae3c3074ac8d71645f773ee82c1268981b0dada64f61495966136cb31ec01c69
SHA512660e249f02ddb6f5f4e89b99cb93d1edb5e1c18c92961a800c914ec92f2c2adbe9c9585158e179f8a8b96a66713e1b1c112b660d18cf9c1e20cf8de50cf9e76a
-
Filesize
152KB
MD52819c652266bd06922454cd5db2f5ed7
SHA17be5259ae25da4b1843165a5c37053b79e8df95d
SHA256a6b48a8fc39a84917f155ca8e364dfd3f98819679ee46a6fafc95662e69bf797
SHA512fd656d053b03757a48335853a375bd593ddd01d7add495c380df383f178ac6a8fac041f3ab90b28e1221999026dc1dd5c50d1e928fc58ee8297f0c092f2d9ebb
-
Filesize
456KB
MD52b0f207062edf3654fb843ab49760cba
SHA1635dcacb957f5113f3104a44398e6dd6efe4ffdb
SHA2564962ef8b40e7ab799caae95f631ad8ce929a2af511725faa65c21dc805d9f727
SHA5122b282cfe2838ffba6ae46e83f59d35080cdab2a6ea3424565b84f3a6e9eea0005880ad5c5ef837b28f80ac02585c36166ca3b49cf2e2b5531d756e363712c7ab
-
Filesize
192KB
MD518ee4e8c63454425a8c97858a9c53b59
SHA177971f324090e78af5fd3544b17b1f45efa1b2af
SHA256afdb89ed06ce7cfb979ccb2822c358566689067d792694aa57e5d0d80cebec67
SHA5125cc0a868adf436f2720daaf636afce41473b0ade18fef7ed906b25fbc8c54dca333b13efb9559511847de12619fbe632dc8e516f159dce76ba4f00fb67820d21
-
Filesize
84KB
MD53a516664abbc3fa0eab06b3ec0e3a0e1
SHA1b7281a72a0d8696680facfc6d2f1d2e9f6d754d3
SHA2568b39c0567ecd43eb35b95e99d598564e1205acced78f8d95f1eba92395e6b88d
SHA51214040760ef727e91b128dbfe32ab847d0d271099d93b4463fa2ca303c4a075d206c6c43a9525bf3e978972fb7e5a505abbdfd1b0ce6932cfef8c97b518abad2f
-
Filesize
128KB
-
Filesize
8KB
-
Filesize
504KB
-
Filesize
504KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB